A Kerberos principal is a unique identity to which Kerberos can assign tickets.
Principals can have an arbitrary number of components; the usual ones are
the primary, the instance and the realm.
Typical format: primary/instance@realm
applications
Campus network where access to various resources (printing, file storage (SMB),
computing time, proxy authentication, authorisation) needs to be controlled for a
population of users, but where the servers do not necessarily know about
(or trust) the users.
weaknesses
availability
Kerberos has a single point of failure at the
authentication server or the ticket granting server.
scalability
Kerberos systems can only scale to support as much as
the central authentication and/or TGT servers can handle.
revocation
Ticket granting tickets are good for 10
hours. If a ticket is compromised, there
is no mechanism to revoke the ticket.
time synchronization reliance
Clocks on the network cannot be more than 5
minutes out of sync for Kerberos to work.
TGT lifetime
The relatively long life and the fixed structure of the TGT open the door for
offline attacks to recover the encryption key. In Kerberos version 4, the
encryption algorithm was DES, which can be broken today.
entities
authentication server
ticket granting server
client
server
***Authentication and Key Exchange***
HIGH LEVEL! For exam detail see shared notes!!
User authenticates to the authentication server (AS).
AS sends the user a ticket granting ticket (TGT) for the ticket granting server (TGS).
User forwards the ticket granting ticket to the TGS with a request to access a different network server.
TGS decrypts the ticket granting ticket with the key shared between AS and TGS.
TGS checks the ticket for validity and correct timeframe.
TGS sends a service granting ticket to the user.
User forwards the service granting ticket to the network server.
Network server decrypts the service granting ticket with the key shared between TGS and the network server.
If the service granting ticket is valid and within the correct timeframe, the user is allowed access to the server.
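The exchange above as a runnable toy model, added here as an illustration rather than any real Kerberos code. Tickets are sealed with an HMAC under the relevant shared key instead of being encrypted (a simplification that keeps only the trust structure), the 10-hour TGT lifetime and 5-minute clock-skew limit from the notes are enforced, and the keys, principal and service names are constructed values.

```python
import hashlib
import hmac
import json

# Constructed demo keys (not real secrets): AS<->TGS and TGS<->file server.
KEY_AS_TGS = b"as-tgs-shared-key"
KEY_TGS_SVC = b"tgs-fileserver-shared-key"
TGT_LIFETIME = 10 * 3600   # a TGT is good for 10 hours
MAX_SKEW = 5 * 60          # clocks may be at most 5 minutes apart

def seal(key, fields):
    """Ticket = JSON body + HMAC tag under the shared key (stand-in for encryption)."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def open_ticket(key, ticket, now):
    """Check the tag with the expected shared key and the validity window; None if rejected."""
    body, _, tag = ticket.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None                      # not issued by the party holding this key
    t = json.loads(body)
    if now < t["issued"] - MAX_SKEW or now > t["expires"]:
        return None                      # expired, or the verifier's clock is too far off
    return t

def as_issue_tgt(principal, now):
    """AS step: TGT sealed with the AS/TGS key, handed to the user for forwarding."""
    return seal(KEY_AS_TGS, {"principal": principal, "issued": now, "expires": now + TGT_LIFETIME})

def tgs_issue_service_ticket(tgt, service, now):
    """TGS step: open the TGT with the AS/TGS key, then seal a service ticket with the TGS/server key."""
    t = open_ticket(KEY_AS_TGS, tgt, now)
    if t is None:
        return None
    return seal(KEY_TGS_SVC, {"principal": t["principal"], "service": service,
                              "issued": now, "expires": t["expires"]})

def server_accept(service_ticket, service, now):
    """Server step: open the service ticket with the TGS/server key and check it names this service."""
    t = open_ticket(KEY_TGS_SVC, service_ticket, now)
    return t is not None and t["service"] == service

def run_flow(principal, service, client_now, server_now):
    """Whole exchange; server_now lets the server's clock differ from the client/KDC clock."""
    tgt = as_issue_tgt(principal, client_now)
    st = tgs_issue_service_ticket(tgt, service, client_now)
    return st is not None and server_accept(st, service, server_now)
```

A ticket copied from the user stays accepted until it expires, which is the revocation weakness listed above: nothing in the flow lets the servers reject a ticket early.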