Subject: Computer and Network Security
NU Year: Set 4.(b), Marks 1+7, Year 2017
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
Key Design Principles
1. The network is open ⇒ Need a proper secret key to understand the messages received (except message 1, which is in clear)
2. Every client and server has a pre-shared secret with the KDC.
3. KDC and Ticket Granting Server (TGS) are logically separate but share a secret key
4. Both KDC and TGS are stateless and do not need to remember the permissions granted. All the state is in the tickets. (Day pass is just a longer term ticket)
5. Longer term secrets are used less frequently. Short term secrets are created and destroyed after a
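
An added illustration of principles 3 and 4 (not part of the original notes): the KDC seals all state into a ticket under the key it shares with the TGS, so the TGS can validate the ticket later without any stored record of it. The function names, the JSON ticket layout and the HMAC-based toy cipher are assumptions made for this sketch, not Kerberos's real message format or encryption types.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: toy stand-in for a real cipher (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC, so the ticket holder can neither read nor alter it."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket modified or sealed with a different key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def kdc_issue_ticket(k_kdc_tgs, client, lifetime_s, now):
    """KDC side: write every decision into the ticket, then keep no record."""
    session_key = os.urandom(16)  # short-term secret, valid only until expiry
    body = {"client": client, "session_key": session_key.hex(),
            "expires": now + lifetime_s}
    # The session key is returned so the KDC can also send it to the client
    # under the client's own pre-shared key (that step is not shown here).
    return seal(k_kdc_tgs, json.dumps(body).encode()), session_key

def tgs_accept_ticket(k_kdc_tgs, ticket, now):
    """TGS side: no lookup table, only the shared key and the ticket itself."""
    body = json.loads(unseal(k_kdc_tgs, ticket))
    if now >= body["expires"]:
        raise ValueError("ticket expired")
    return body["client"], bytes.fromhex(body["session_key"])

if __name__ == "__main__":
    k = os.urandom(32)  # constructed key shared by KDC and TGS
    ticket, _ = kdc_issue_ticket(k, "alice", 8 * 3600, now=1_700_000_000)
    print(tgs_accept_ticket(k, ticket, now=1_700_000_060)[0])
```

Because the TGS trusts only what it can unseal, anyone holding the KDC/TGS key can mint valid tickets, which is why that long-term key needs the strongest protection in a deployment.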