Subject: Kerberos Authentication Protocol (V5) -- RFC 1510
Author: Alex_Raj
Posted on: 11/08/2006 06:47:42 PM
The authentication process proceeds as follows: A client sends a request to the authentication server (AS) requesting "credentials" for a given server. The AS responds with these credentials, encrypted in the client's key. The credentials consist of 1) a "ticket" for the server and 2) a temporary encryption key (often called a "session key"). The client transmits the ticket (which contains the client's identity and a copy of the session key, all encrypted in the server's key) to the server. The session key (now shared by the client and server) is used to authenticate the client, and may optionally be used to authenticate the server. It may also be used to encrypt further communication between the two parties or to exchange a separate sub-session key to be used to encrypt further communication.
The Kerberos protocol consists of several sub-protocols (or exchanges):
AS -- The Authentication Service Exchange
TGS -- The Ticket-Granting Service Exchange
CS -- The Client/Server Authentication Exchange
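The AS exchange and the client/server exchange described in the post, traced end to end as an added example that is not part of the original post or of RFC 1510 (the TGS exchange is left out). The principal names, the JSON message fields, the 300-second clock-skew window and the HMAC-based stand-in cipher are assumptions made for this sketch; real Kerberos uses ASN.1 messages and its own encryption types.

```python
import hashlib, hmac, json, os, time

# Constructed long-term keys held by the AS (in Kerberos, derived from passwords).
KEYS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def xor_stream(key, nonce, data):
    # Stand-in cipher for this demo only (assumption), not a Kerberos encryption type.
    ks = b"".join(mac(key, b"enc" + nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    nonce = os.urandom(16)
    ct = xor_stream(key, nonce, json.dumps(obj).encode())
    return nonce + mac(key, b"mac" + nonce + ct) + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(key, b"mac" + nonce + ct)):
        raise ValueError("wrong key or modified message")
    return json.loads(xor_stream(key, nonce, ct))

def as_reply(client, server):
    # AS: ticket sealed in the server's key, credentials sealed in the client's key.
    session = os.urandom(32).hex()
    ticket = seal(KEYS[server], {"client": client, "session": session})
    return seal(KEYS[client], {"server": server, "session": session, "ticket": ticket.hex()})

def client_request(client, client_key, reply):
    # Client: recover the session key, then prove possession with a timestamped authenticator.
    cred = unseal(client_key, reply)
    session = bytes.fromhex(cred["session"])
    return session, bytes.fromhex(cred["ticket"]), seal(session, {"client": client, "time": time.time()})

def server_accept(server_key, ticket, authenticator, max_skew=300):
    # Server: the ticket yields identity and session key; the authenticator must open under it.
    t = unseal(server_key, ticket)
    a = unseal(bytes.fromhex(t["session"]), authenticator)
    if a["client"] != t["client"] or abs(time.time() - a["time"]) > max_skew:
        raise ValueError("authenticator does not match ticket")
    return t["client"], bytes.fromhex(t["session"])

def demo():
    session, ticket, auth = client_request("alice", KEYS["alice"], as_reply("alice", "fileserver"))
    who, server_session = server_accept(KEYS["fileserver"], ticket, auth)
    return who, session == server_session
```

The client never sees inside the ticket, and a ticket presented without an authenticator sealed under the matching session key is rejected by `server_accept`.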