Kerberos Authentication Process In Windows
  • 1. Kerberos Authentication Process In Windows
  • 2. Kerberos
      • Developed at M.I.T. in 1980.
      • Greek mythology: 3-headed dog.
      • 3 “heads”: a client, a server, and a trusted third party that mediates between the other two.
      • A secret-key-based service for providing authentication in open networks.
      • Authentication is mediated by a trusted 3rd party on the network:
          – Key Distribution Center (KDC)
      • Kerberos Version 5
  • 3. Firewall vs. Kerberos
      • Firewall
          – Assumes that "the bad guys" are on the outside.
          – But the real threat is from insiders.
      • Kerberos
          – Assumes that network connections are the weak link in network security.
          – Strong authentication compared to firewalls.
  • 4. Authentication?
      • Verifying someone’s identity
      • Types of Authentication:
          1) Password Based
          2) Cryptographic
  • 5. Cryptographic Authentication
      • No password is sent over the network.
      • User identification is done by a cryptographic operation based on:
          – A quantity supplied by the server
          – The user’s secret key
  • 6. Encryption and Decryption
      • Encryption
          – Source
          – Data + Cipher text = Encryption
      • Decryption
          – Destination
          – Decipher text - Data = Decryption
  • 7. Symmetric Key Cryptography
      • Secret key cryptography
      • The same key is used.
      • Algorithms: DES, 3-DES, AES
  • 8. Asymmetric Key Cryptography
      • Public key cryptography
      • A pair of related keys is used:
          – Public and private keys.
      • Data encrypted with one can only be decrypted with the other.
      • Usually, a user publishes his public key widely
          – Others use it to encrypt data intended for the user
          – The user decrypts using the private key (known only to him)
      • Algorithm: RSA
  • 9. Key Distribution Center (KDC)
      • Implemented as a domain service
      • Uses Active Directory as its database
      • Uses the Global Catalog for directing referrals to KDCs in other domains.
      • Uses certificates to encrypt communication between client and KDC.
  • 10. Key Distribution Center (KDC): Types Of Keys Used
      • Long-Term Symmetric Keys: User, System, Service, and Inter-realm Keys
      • Long-Term Asymmetric Keys: Public Key
      • Short-Term Symmetric Keys: Session Keys
  • 11. Key Distribution Center (KDC)
      • Authentication Service (AS)
      • Ticket-Granting Service (TGS)
  • 12. Key Distribution Center (KDC)
  • 13. Key Distribution Center (KDC)
  • 14. Common Issues
      • Infrastructure Required:
          – Active Directory
          – TCP/IP Network Connectivity
          – Domain Name System
          – Time Service
          – Operating System
  • 15. Common Issues
      • Console logon, network logon, access to network resources, or remote access
      • How to identify whether an issue is related to Kerberos?
          – Event log: System, Security
          – Source: Kerberos, KDC, LsaSrv, or Netlogon
  • 16. Common Issues
      1) Time Synchronization (Clock Skew)
          – 0x25: KRB_AP_ERR_SKEW: Clock Skew too great
  • 17. Common Issues
      2) UDP Fragmentation
  • 18. Common Issues
      3) Group Membership Overloads PAC
          – 0x3C - KRB_ERR_GENERIC: Generic error
  • 19. Common Issues
      4) Need an SPN Set
          – KDC_ERR_C_PRINCIPAL_UNKNOWN
  • 20. Thank You
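
The triage steps from the Common Issues slides, as an added example that is not part of the original deck: it keeps only System/Security events from the sources named on slide 15 and maps the error codes from slides 16 to 19 to the issue each slide gives. The `log|source|message` export layout and the sample events are constructed for illustration, and 0x6 is the RFC 4120 value for KDC_ERR_C_PRINCIPAL_UNKNOWN (the slide gives only the name).

```python
import re

# Sources slide 15 names as indicating a Kerberos-related problem.
KERBEROS_SOURCES = {"kerberos", "kdc", "lsasrv", "netlogon"}

# Codes and issues from slides 16-19; 0x6 is the RFC 4120 value for
# KDC_ERR_C_PRINCIPAL_UNKNOWN (assumption: the slide gives only the name).
ISSUES = {
    0x25: ("KRB_AP_ERR_SKEW", "time synchronization (clock skew)"),
    0x3C: ("KRB_ERR_GENERIC", "group membership overloads PAC"),
    0x06: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "SPN needs to be set"),
}
NAME_TO_CODE = {name: code for code, (name, _) in ISSUES.items()}

CODE_RE = re.compile(r"\b0x([0-9A-Fa-f]{1,8})\b")
NAME_RE = re.compile(r"\bK(?:RB|DC)_[A-Z_]+\b")

# Constructed sample events in a hypothetical "log|source|message" export.
SAMPLE_EVENTS = """\
System|Kerberos|The kerberos client received error 0x25 from server dc01
Security|Microsoft-Windows-Security-Auditing|An account was logged on
System|KDC|Request failed: KDC_ERR_C_PRINCIPAL_UNKNOWN for HTTP/web01
System|LsaSrv|Negotiate failed with 0x3c while building the token
Application|Netlogon|Wrong log, so this line is skipped
System|Netlogon|Secure channel error 0x99
"""

def triage(text):
    """Return (source, error name, likely issue) per Kerberos-related event."""
    findings = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # malformed line
        log, source, message = (p.strip() for p in parts)
        if log not in ("System", "Security"):
            continue
        if source.lower() not in KERBEROS_SOURCES:
            continue
        code = None
        hex_match = CODE_RE.search(message)
        name_match = NAME_RE.search(message)
        if hex_match:
            code = int(hex_match.group(1), 16)
        elif name_match:
            code = NAME_TO_CODE.get(name_match.group(0))
        name, issue = ISSUES.get(code, ("UNMAPPED", "not covered by the slides"))
        findings.append((source, name, issue))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
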