Working of Kerberos

Published in: Technology
KERBEROS AUTHENTICATION PROCESS
By Ajinkya Patil

Authentication Process (diagram)
  Parties: Client Machine, Key Distribution Center (AS, TGS), Service Server
  1. Request TGT
  2. TGT
  3. Request Service Ticket
  4. Service Ticket Sent
  5. Service Ticket Presented
  6. Telnet Communication Channel

Step I (Request TGT)
  • Client enters the credentials: User ID and Password.
  • Client machine performs a hash function on the PASSWORD.
  • Client sends the User ID to the AS (Authentication Server) in clear text.

Step II (TGT sent)
  • AS creates the hash of the PASSWORD (SECRET KEY).
  • AS sends 2 messages to the client machine:
  • Message A:
  • Message B:

Step II continued
  • TGT is encrypted using the TGS secret key.
  • TGS sends Message A & B to Client.
  • Client machine is able to decrypt Message A only if the SECRET KEY (password) is correct.
  • Client machine now has the Client/TGS session key.
  • Client cannot decrypt Message B.

Step III (Service Ticket Request)
  • Message C: (Message B & service ID)
  • Message D:
  • Message D consists of the Authenticator encrypted using the Client/TGS session key.

*Decryption at TGS
  • TGS decrypts Message B from Message C by using the TGS SECRET KEY.
  • TGS decrypts Message D using the Client/TGS session key.

Step IV (Service Ticket sent)
  • TGS sends the Service Ticket, which consists of 2 messages:
  • Message E:
  • Message F:

Step IV continued
  • Message E consists of the Client-to-server Ticket encrypted using the Service Secret Key.
  • Message F consists of the encrypted Client-to-server session key.
  • Message E & F are sent by the TGS to the Client Machine.

Step V (Service Request)
  • Message E: (above)
  • Message G:
  • Message G consists of a new Authenticator encrypted using the Client/Server session key.

Step VI (Confirmation)
  • SS decrypts Message E using its SECRET KEY.
  • Message G is decrypted using the client/server session key.

Step VI continued
  • SS sends Message H, encrypted using the client/server session key, to the client as confirmation.
  • Client receives the confirmation.
  • Client requests the service and the server provides it.

THANK YOU
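
The exchange in Steps I to VI above, run end to end as an added Python example (not part of the original slides). The cipher is a toy SHAKE-256 keystream with an HMAC tag standing in for a real Kerberos encryption type; the user name, password, plain SHA-256 password hash, message field names and the timestamp echoed in Message H are assumptions.

```python
import hashlib, hmac, json, os, time

def _xor(key, nonce, data):  # toy SHAKE-256 keystream, not a real Kerberos cipher
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))

def seal(key, obj):  # encrypt-then-MAC under `key`
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # raises ValueError on a wrong key or a modified message
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor(key, nonce, ct))

def pw_key(password):  # Step I: hash of PASSWORD = SECRET KEY (plain SHA-256 is an assumption)
    return hashlib.sha256(password.encode()).digest()

USERS = {"alice": pw_key("correct horse")}  # constructed KDC user database (hypothetical)
TGS_KEY, SERVICE_KEY = os.urandom(32), os.urandom(32)  # constructed long-term keys

def run_exchange(user, typed_password, service="telnet"):
    # Step II (AS): Message A under the user's key, Message B (TGT) under the TGS key.
    sk_tgs = os.urandom(32).hex()
    msg_a = seal(USERS[user], {"session_key": sk_tgs})
    msg_b = seal(TGS_KEY, {"client": user, "session_key": sk_tgs})
    # Client: A opens only if the typed password hashes to the right key; B stays opaque.
    k_tgs = bytes.fromhex(unseal(pw_key(typed_password), msg_a)["session_key"])
    # Step III (client): Message C = (B, service ID), Message D = authenticator.
    msg_c, msg_d = (msg_b, service), seal(k_tgs, {"client": user, "ts": time.time()})
    # TGS: decrypt B with the TGS key, then D with the session key found inside B.
    tgt = unseal(TGS_KEY, msg_c[0])
    if unseal(bytes.fromhex(tgt["session_key"]), msg_d)["client"] != tgt["client"]:
        raise ValueError("authenticator does not match TGT")
    # Step IV (TGS): Message E under the service key, Message F under the client/TGS key.
    sk_cs = os.urandom(32).hex()
    msg_e = seal(SERVICE_KEY, {"client": tgt["client"], "service": msg_c[1], "session_key": sk_cs})
    msg_f = seal(k_tgs, {"session_key": sk_cs})
    # Step V (client): recover the client/server key from F, send E plus Message G.
    k_cs, ts = bytes.fromhex(unseal(k_tgs, msg_f)["session_key"]), time.time()
    msg_g = seal(k_cs, {"client": user, "ts": ts})
    # Step VI (SS): decrypt E with its own key, G with the key inside E, then answer
    # with H (echoing the timestamp is an assumption), which the client verifies.
    ticket = unseal(SERVICE_KEY, msg_e)
    auth = unseal(bytes.fromhex(ticket["session_key"]), msg_g)
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    msg_h = seal(bytes.fromhex(ticket["session_key"]), {"ts": auth["ts"]})
    return unseal(k_cs, msg_h)["ts"] == ts and ticket["service"] == service
```

The authenticator timestamps are carried but never checked for freshness here; a real TGS and service reject stale or replayed authenticators.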