Kerberos Authentication Process In Windows

Transcript

  • 1. Kerberos Authentication Process In Windows
  • 2. Kerberos
      • Developed at M.I.T. in 1980.
      • Greek Mythology: 3 headed dog.
      • 3 “heads”: a client, a server, and a trusted third party that mediates between the other two.
      • A secret key based service for providing authentication in open networks.
      • Authentication mediated by a trusted 3rd party on the network:
          – Key Distribution Center (KDC)
      • Kerberos Version 5
  • 3. Firewall vs. Kerberos
      • Firewall
          – Assumes that "the bad guys" are on the outside.
          – But the real threat is from insiders.
      • Kerberos
          – Assumes that network connections are the weak link in network security.
          – Strong authentication compared to firewalls.
  • 4. Authentication?
      • Verifying someone’s identity
      • Types of Authentication:
          1) Password Based
          2) Cryptographic
  • 5. Cryptographic Authentication
      • No password over the Network.
      • User Identification done by a cryptographic operation based on:
          – Quantity supplied by the server
          – User’s secret key
  • 6. Encryption and Decryption
      • Encryption
          – Source
          – Data + Cipher text = Encryption
      • Decryption
          – Destination
          – Decipher text - Data = Decryption
  • 7. Symmetric Key Cryptography
      • Secret Key cryptography
      • Same key.
      • Algorithms: DES, 3-DES, AES
  • 8. Asymmetric Key Cryptography
      • Public key cryptography
      • A pair of related keys are used:
          – Public and Private keys.
      • Data encrypted with one can only be decrypted with the other
      • Usually, a user publishes his public key widely
          – Others use it to encrypt data intended for the user
          – User decrypts using the private key (known only to him)
      • Algorithm: RSA
  • 9. Key Distribution Center (KDC)
      • Implemented as a domain service
      • Active Directory for database
      • Global Catalog for directing referrals to KDCs in other domains.
      • Uses certificates to encrypt communication between client and KDC.
  • 10. Key Distribution Center (KDC): Types Of Keys Used
      • Long-Term Symmetric Keys: User, System, Service, and Inter-realm Keys
      • Long-Term Asymmetric Keys: Public Key
      • Short-Term Symmetric Keys: Session Keys
  • 11. Key Distribution Center (KDC)
      • Authentication Service (AS)
      • Ticket-Granting Service (TGS)
  • 12. Key Distribution Center (KDC)
  • 13. Key Distribution Center (KDC)
  • 14. Common Issues
      • Infrastructure Required:
          – Active Directory
          – TCP/IP Network Connectivity
          – Domain Name System
          – Time Service
          – Operating System
  • 15. Common Issues
      • Console logon, Network logon, access to network resources, or remote access
      • How to identify whether an issue is related to Kerberos?
          – Event log: System, Security
          – Source: Kerberos, KDC, LsaSrv, or Netlogon
  • 16. Common Issues
      • 1) Time Synchronization (Clock Skew)
          – 0x25: KRB_AP_ERR_SKEW: Clock Skew too great
  • 17. Common Issues
      • 2) UDP Fragmentation
  • 18. Common Issues
      • 3) Group Membership Overloads PAC
          – 0x3C - KRB_ERR_GENERIC: Generic error
  • 19. Common Issues
      • 4) Need an SPN Set
          – KDC_ERR_C_PRINCIPAL_UNKNOWN
  • 20. Thank You
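
Why the clock skew on slide 16 breaks authentication, as an added example that is not part of the original slides: Kerberos proves freshness with a client timestamp, so a service rejects an authenticator whose time differs too much from its own clock even when the key is correct. Assumptions: HMAC-SHA256 stands in for Kerberos' encryption of the authenticator under the session key, the 5-minute tolerance is the Windows default, and the names, key and times are constructed.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECONDS = 300  # Windows default clock tolerance (5 minutes)

def make_authenticator(session_key: bytes, client: str, client_time: int) -> bytes:
    """Client side: bind the client's name and clock reading to the session key."""
    body = struct.pack(">Q", client_time) + client.encode()
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    return tag + body

class Service:
    """Server side of the check; replay_cache holds authenticators already accepted."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.replay_cache = set()

    def verify(self, authenticator: bytes, server_time: int) -> str:
        tag, body = authenticator[:32], authenticator[32:]
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if len(body) < 8 or not hmac.compare_digest(tag, expected):
            return "KRB_AP_ERR_BAD_INTEGRITY"
        (client_time,) = struct.unpack(">Q", body[:8])
        # A valid key is not enough: the timestamp must also be fresh.
        if abs(server_time - client_time) > MAX_SKEW_SECONDS:
            return "KRB_AP_ERR_SKEW"  # error 0x25 from slide 16
        # Inside the window, each authenticator is accepted only once.
        if authenticator in self.replay_cache:
            return "KRB_AP_ERR_REPEAT"
        self.replay_cache.add(authenticator)
        return "OK"

def demo() -> dict:
    key = bytes(range(32))   # constructed session key
    now = 1_700_000_000      # constructed server clock (epoch seconds)
    svc = Service(key)
    fresh = make_authenticator(key, "alice@EXAMPLE.COM", now - 20)
    drifted = make_authenticator(key, "alice@EXAMPLE.COM", now - 420)
    forged = make_authenticator(b"\x00" * 32, "alice@EXAMPLE.COM", now)
    return {
        "in_sync": svc.verify(fresh, now),
        "replayed": svc.verify(fresh, now + 5),
        "seven_minutes_off": svc.verify(drifted, now),
        "wrong_key": svc.verify(forged, now),
        "stale_capture": svc.verify(fresh, now + 3600),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The skew window is what keeps the replay cache small: anything older than the tolerance is rejected on time alone, which is why a drifting client clock fails with 0x25 even though its credentials are valid.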