Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How does kerberos really secure anything in relation to the definition below?

Posted on 2009-05-19
1
Medium Priority
?
290 Views
Last Modified: 2013-11-16
"Under Kerberos, a client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT (i.e., if the client gave the correct password), it keeps the decrypted TGT, which indicates proof of the client's identity."

If the password is sent in clear text initially to the KDC, can't someone on the network sniff out the password and intervene in the middle of the transmission?  Or perhaps I am not getting how it works?
0
Comment
Question by:Sp0cky
1 Comment
 
LVL 4

Accepted Solution

by:
my2eggs earned 1000 total points
ID: 24425001
It doesn't send the password in a clear text. It uses a one-way hash which never actually gets sent across the network. The hash is used for encryption of the ticket granting server session key. The authentication service will be able to decrypt it because it also has a secure connection to a user database. Thus the client and the server simply use a hashed version of the password for encryption only. They never actually send the password in any form across the network.

This wiki article might provide a little more insight in the process.

http://en.wikipedia.org/wiki/Kerberos_(protocol)#Protocol
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question