Friday, February 2, 2018

Kerberos

https://en.wikipedia.org/wiki/Kerberos_(protocol)

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/how_to_set_up_sso_with_kerberos/sso_with_kerberos_deeper_dive




https://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface



KDC = Key Distribution Center

TGT = Ticket-Getting Ticket

AS = Authorization Server

ST = Service Ticket

TGS = Ticket Granting Service

SPN = Service Principal Name

1) AS-REQ / AS-REP: the user logs in and authenticates to the AS/KDC using the key in a keytab file. The AS/KDC checks whether the user exists in its DB. The user gets a TGT (time limited).
2) user


Kerberos uses a keytab file https://kb.iu.edu/d/aumh
