?
Solved

How Tokens effect Kerberos mechanism

Posted on 2013-05-11
1
Medium Priority
?
300 Views
Last Modified: 2013-05-22
Hello,
I am planning to implement Hadoop Security using Kerberos. It says that using Tokens will ensure KDC is not a bottleneck. I have heard about principle and keytabs. Where does Keberos Tokens come into the picture, Or are kerberos tickets called kerberos tokens...??

Thanks,
0
Comment
Question by:sriveena2010
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 8

Accepted Solution

by:
Dipak earned 1500 total points
ID: 39159171
The words token and ticket depend greatly on the type of system you're dealing with; and in what context you are talking. On Windows NT derivatives, the concept of a token is an identity. When a user or service logs in to a system, the system validates their integrity once, and mints a token, which is handed to that user/service and serves as their identity. The system then doesn't need to validate identity every time a program opens a file, for example. This basically ensures a clean separation between authentication (proving a user/service is who they say they are) and authorization (determining whether a user/service can access some resource).

On the other hand, (again for NT derivatives) the word ticket usually refers to Kerberos tickets. These are used for two machines on a domain to be able to prove each others' identity. After proving one's identity to the domain controller (with traditional means such as password or smart card), the domain controller mints a ticket which can be passed to remote machines to verify identity.

If one is dealing with a remote machine, then it is likely both tickets and tokens are involved. For instance, if machine A opens a file share on machine B, then machine A validates the user using it with the domain controller, thus getting a Kerberos ticket. It then uses the Kerberos ticket to verify its identity with machine B. Machine B then creates a session for machine A, minting a token, to serve as that session identity for local authorization queries on machine B.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month12 days, 20 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question