JMU
Kerberos
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Overview
History
Participants in the Process
The Process (Simplified)
  1. Client sends a request (AS_REQ) to the AS for "credentials" for a given server
  2. The AS response (AS_REP) contains a TGS session key (encrypted using the client's public key) and a ticket-granting ticket (TGT) (encrypted using the TGS's private key)
  3. The client transmits a service request (TGS_REQ), encrypted using the TGS session key and including the TGT, to a ticket-granting server
  4. The TGS response (TGS_REP) contains a ticket (encrypted using the server's symmetric key) that can be sent to the server for a particular service
  5. The client sends a service request (AP_REQ) that includes the ticket to the server
  6. The server responds (AP_REP)
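
The six messages above as a runnable sketch (an added example, not part of the original slides). It assumes every long-term key is a secret shared with the KDC, swaps in a toy SHAKE/HMAC cipher for a real Kerberos encryption type, and adds an authenticator to each request; the principal names and all function names are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Toy authenticated encryption (SHAKE-256 stream + HMAC tag), not a Kerberos enctype."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

# Constructed long-term keys (assumption: shared secrets known to the KDC).
KEYS = {p: os.urandom(32) for p in ("alice", "krbtgt", "fileserver")}

def check(sealing_key, ticket, authenticator):
    """Open a ticket, then verify the authenticator sealed under the key inside it."""
    t = unseal(sealing_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or t["exp"] < time.time():
        raise ValueError("ticket rejected")
    return t, a

def as_exchange(client):                           # steps 1-2: AS_REQ / AS_REP
    sk = os.urandom(32).hex()                      # TGS session key
    tgt = seal(KEYS["krbtgt"], {"client": client, "key": sk, "exp": time.time() + 600})
    return seal(KEYS[client], {"key": sk}), tgt    # client can open the first part only

def tgs_exchange(tgt, authenticator, service):     # steps 3-4: TGS_REQ / TGS_REP
    t, _ = check(KEYS["krbtgt"], tgt, authenticator)
    sk = os.urandom(32).hex()                      # client/server session key
    ticket = seal(KEYS[service], {"client": t["client"], "key": sk, "exp": t["exp"]})
    return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def ap_exchange(service, ticket, authenticator):   # steps 5-6: AP_REQ / AP_REP
    t, a = check(KEYS[service], ticket, authenticator)
    return seal(bytes.fromhex(t["key"]), {"ts": a["ts"]})  # echo shows the server opened the ticket

def run(client="alice", service="fileserver"):
    rep, tgt = as_exchange(client)
    tgs_key = bytes.fromhex(unseal(KEYS[client], rep)["key"])
    ts = int(time.time())                          # timestamp carried in the authenticators
    rep, ticket = tgs_exchange(tgt, seal(tgs_key, {"client": client, "ts": ts}), service)
    svc_key = bytes.fromhex(unseal(tgs_key, rep)["key"])
    ap_rep = ap_exchange(service, ticket, seal(svc_key, {"client": client, "ts": ts}))
    return unseal(svc_key, ap_rep)["ts"] == ts     # True when the server proved itself
```

The client's password-derived key is used only to open the AS_REP; the TGT and the service ticket stay opaque to the client and are rejected if altered in transit.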
Contents of Tickets
Types of Tickets
Shortcomings