Solved

How does kerberos really secure anything in relation to the definition below?

Posted on 2009-05-19
1
282 Views
Last Modified: 2013-11-16
"Under Kerberos, a client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT (i.e., if the client gave the correct password), it keeps the decrypted TGT, which indicates proof of the client's identity."

If the password is sent in clear text initially to the KDC, can't someone on the network sniff out the password and intervene in the middle of the transmission?  Or perhaps I am not getting how it works?
0
Comment
Question by:Sp0cky
1 Comment
 
LVL 4

Accepted Solution

by:
my2eggs earned 250 total points
ID: 24425001
It doesn't send the password in a clear text. It uses a one-way hash which never actually gets sent across the network. The hash is used for encryption of the ticket granting server session key. The authentication service will be able to decrypt it because it also has a secure connection to a user database. Thus the client and the server simply use a hashed version of the password for encryption only. They never actually send the password in any form across the network.

This wiki article might provide a little more insight in the process.

http://en.wikipedia.org/wiki/Kerberos_(protocol)#Protocol
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now