Kerberos
Kerberos creates a logical network of devices, the REALM, and uses a system of tickets and session keys to authenticate clients to each other.
- the client authenticates itself to the KDC
- it receives a TGT (ticket-granting ticket) + a session key
- the TGT + session key are the client's credentials for other devices in the realm
- when the client needs another device in the realm:
- the client decrypts the session key and sends it with the TGT to the TGS (ticket-granting server)
- the TGS returns an ST (service ticket) encrypted with a key specific to the wanted device
- the TGS also returns a second session key
- the client sends the ST + second session key to the device
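The two exchanges above, simulated end to end as an added example (not code from the original notes): the KDC holds every principal's long-term key, a TGT is sealed under the krbtgt key, an ST under the target's key, and each session key travels sealed under the key of the party that may read it. The "seal" primitive, the realm's principal names and keys are constructed for the demo; the client proves it holds a session key with an authenticator encrypted under that key rather than transmitting the key itself, which is how the real protocol works.

```python
import hashlib, hmac, json, os

# Toy authenticated encryption (SHA-256 keystream XOR + HMAC tag) standing in for a
# real Kerberos enctype. Constructed for illustration: "only the key holder can open it".
def _ks(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def seal(key: bytes, obj: dict) -> bytes:
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ticket")  # another principal's key
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

# Long-term keys the KDC holds for each principal (constructed names and keys).
KEYS = {n: os.urandom(32) for n in ("alice", "krbtgt", "fileserver", "webserver")}

def as_exchange(client):
    """AS-REQ/AS-REP: TGT sealed under the krbtgt key + session key sealed under the client's key."""
    sk1 = os.urandom(32).hex()
    return (seal(KEYS["krbtgt"], {"client": client, "session_key": sk1}),
            seal(KEYS[client], {"session_key": sk1}))

def tgs_exchange(tgt, authenticator, service):
    """TGS-REQ/TGS-REP: open the TGT with the krbtgt key, check the authenticator with the
    session key inside it, issue an ST under the target's key + a second session key under sk1."""
    t = unseal(KEYS["krbtgt"], tgt)
    sk1 = bytes.fromhex(t["session_key"])
    if unseal(sk1, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match TGT")
    sk2 = os.urandom(32).hex()
    return (seal(KEYS[service], {"client": t["client"], "session_key": sk2}),
            seal(sk1, {"service": service, "session_key": sk2}))

def service_accepts(service, st, authenticator):
    """AP-REQ at the target: only the named service can open the ST; client must prove it holds sk2."""
    t = unseal(KEYS[service], st)
    return unseal(bytes.fromhex(t["session_key"]), authenticator)["client"] == t["client"]

def client_flow(client="alice", service="fileserver"):
    tgt, enc = as_exchange(client)
    sk1 = bytes.fromhex(unseal(KEYS[client], enc)["session_key"])  # client decrypts sk1
    st, enc2 = tgs_exchange(tgt, seal(sk1, {"client": client}), service)
    sk2 = bytes.fromhex(unseal(sk1, enc2)["session_key"])
    return service_accepts(service, st, seal(sk2, {"client": client}))
```

Because a ticket sealed under one principal's key cannot be opened with another's, a TGT presented to a service, or an ST for one service presented to a different one, is rejected at the `unseal` step.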
| role | function |
|---|---|
| KDC (key distribution center) | authenticates the user in the realm; returns TGT (ticket-granting ticket) + session key |
| TGS (ticket-granting server) | authenticates the user for a service/server (permission to access); returns ST (service ticket, encrypted with the target's key) + session key for the target |