Kerberos: Difference between revisions
| (10 intermediate revisions by the same user not shown) | |||
| Line 23: | Line 23: | ||
== References == | == References == | ||
{| | |||
| valign="top" | | |||
* [https://docs.oracle.com/cd/E36784_01/html/E37126/st-mkey-1.html How to Create, Use, and Store a New Master Key for the Kerberos Database] | |||
* [https://bugs.launchpad.net/ubuntu/+source/kerberos-configs/+bug/1404351 krb5-config missing debconf-set-selections variable] | |||
* [http://jurjenbokma.com/ApprenticesNotes/ad_kinit.xhtml Debian/Ubuntu Linux with AD Kerberos Server] | |||
* [http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php Integrated Kerberos-OpenLDAP provider] | |||
* [https://www.certdepot.net/rhel7-configure-kerberos-kdc/ RHEL7: Configure a Kerberos KDC] | |||
* [https://docs.oracle.com/cd/E19683-01/806-4078/6jd6cjrve/index.html How to Configure a Master KDC] | |||
* [https://gist.github.com/ashrithr/4767927948eca70845db Installing Kerberos on Redhat 7] | |||
* [https://web.mit.edu/kerberos/krb5-1.12/doc/admin/admin_commands/ Administration programs] | |||
* [http://thejavamonkey.blogspot.my/2008/04/clientserver-hello-world-in-kerberos.html Kerberos Hello World] | |||
* [https://github.com/NottingHack/hms/blob/master/vagrant_config/bootstrap.sh NottingHack/hms] | |||
| valign="top" | | |||
* [https://stackoverflow.com/questions/50649294 Spring Security Kerberos SSO for a REST API] | |||
* [https://medium.com/datadriveninvestor/single-sign-on-with-kerberos-using-spring-bff3eb835bc8 Single Sign-On with Kerberos using Spring] | |||
* [https://www.baeldung.com/spring-security-kerberos-integration Spring Security Kerberos Integration] | |||
* [https://spring.io/guides/gs/authenticating-ldap/ Authenticating a User with LDAP] | |||
* [https://www.baeldung.com/spring-security-kerberos Spring Security Kerberos] | |||
* [http://web.mit.edu/kerberos/www/ MIT's Kerberos] | |||
* [https://tools.ietf.org/html/rfc1510 RFC 1510] | * [https://tools.ietf.org/html/rfc1510 RFC 1510] | ||
|} | |||
Latest revision as of 04:34, 3 June 2020
Overview
Kerberos is an authentication protocol developed by the Massachusetts Institute of Technology. Kerberos allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos authentication can be used to overcome weak points such as eavesdropping and replay attacks in other authentication mechanisms and to ensure the integrity of the data that is communicated.
The Kerberos authentication process involves several systems connected in a network, or a Kerberos realm. Kerberos authentication within a realm works on the basis of tickets, which serve to prove the authenticity of client requests. Kerberos authentication makes use of a trusted third party system called Key Distribution Center (KDC).
The KDC maintains a database of secret keys where each member system of a realm - whether a client or a server - shares a secret key known only to itself and to the Kerberos KDC. Knowledge of this key serves to prove the system's identity and this key never leaves the KDC. After the client is authenticated the KDC generates a session key for communication between the client and the application server, which they can use to secure their interactions.
Keywords Usages
| Keyword | Elaboration |
|---|---|
| KDC | Key Distribution Center |
| TGT | Ticket Granting Ticket |
| TGS | Ticket Granting Server |