Solved

How does kerberos really secure anything in relation to the definition below?

Posted on 2009-05-19
1
287 Views
Last Modified: 2013-11-16
"Under Kerberos, a client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT (i.e., if the client gave the correct password), it keeps the decrypted TGT, which indicates proof of the client's identity."

If the password is sent in clear text initially to the KDC, can't someone on the network sniff out the password and intervene in the middle of the transmission?  Or perhaps I am not getting how it works?
0
Comment
Question by:Sp0cky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
my2eggs earned 250 total points
ID: 24425001
It doesn't send the password in a clear text. It uses a one-way hash which never actually gets sent across the network. The hash is used for encryption of the ticket granting server session key. The authentication service will be able to decrypt it because it also has a secure connection to a user database. Thus the client and the server simply use a hashed version of the password for encryption only. They never actually send the password in any form across the network.

This wiki article might provide a little more insight in the process.

http://en.wikipedia.org/wiki/Kerberos_(protocol)#Protocol
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question