Solved

How Tokens effect Kerberos mechanism

Posted on 2013-05-11
1
290 Views
Last Modified: 2013-05-22
Hello,
I am planning to implement Hadoop Security using Kerberos. It says that using Tokens will ensure KDC is not a bottleneck. I have heard about principle and keytabs. Where does Keberos Tokens come into the picture, Or are kerberos tickets called kerberos tokens...??

Thanks,
0
Comment
Question by:sriveena2010
1 Comment
 
LVL 8

Accepted Solution

by:
Dipak earned 500 total points
ID: 39159171
The words token and ticket depend greatly on the type of system you're dealing with; and in what context you are talking. On Windows NT derivatives, the concept of a token is an identity. When a user or service logs in to a system, the system validates their integrity once, and mints a token, which is handed to that user/service and serves as their identity. The system then doesn't need to validate identity every time a program opens a file, for example. This basically ensures a clean separation between authentication (proving a user/service is who they say they are) and authorization (determining whether a user/service can access some resource).

On the other hand, (again for NT derivatives) the word ticket usually refers to Kerberos tickets. These are used for two machines on a domain to be able to prove each others' identity. After proving one's identity to the domain controller (with traditional means such as password or smart card), the domain controller mints a ticket which can be passed to remote machines to verify identity.

If one is dealing with a remote machine, then it is likely both tickets and tokens are involved. For instance, if machine A opens a file share on machine B, then machine A validates the user using it with the domain controller, thus getting a Kerberos ticket. It then uses the Kerberos ticket to verify its identity with machine B. Machine B then creates a session for machine A, minting a token, to serve as that session identity for local authorization queries on machine B.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now