principals & their roles
A Kerberos principal is a unique identity to which Kerberos can assign tickets. Principals can have an arbitrary number of components: the primary, the instance and the realm. The format is typically: primary/instance@realm
applications
Campus network where access to various resources (printing, file storage (SMB), computing time, proxy authentication, authorisation) needs to be controlled for a population of users, but where the servers do not necessarily know about (or trust) the users.
weaknesses
availability: Kerberos has a single point of failure at the authentication server or the ticket granting server.
scalability: Kerberos systems can only scale to support as much as the central authentication and/or TGT servers can handle.
revocation: Ticket granting tickets are good for 10 hours. If a ticket is compromised, there is no mechanism to revoke the ticket.
time synchronization reliance: Clocks on the network cannot be more than 5 minutes out of sync for Kerberos to work.
TGT lifetime: The relatively long life and the fixed structure of the TGT open the door for offline attacks to figure out the encryption key. In Kerberos version 4, the encryption algorithm was DES, which can be compromised today.
entities
authentication server
ticket granting server
client
server
authentication and key exchange
HIGH LEVEL! For exam detail see shared notes!!
Exam - Kerberos