Kerberos: Network Authentication Protocol

xiaoxiao2021-03-06  24

Kerberos is a network authentication protocol that provides strong authentication services for client/server applications through the use of cryptographic keys. The authentication process does not rely on authentication by the host operating system, does not require trusting host addresses, and does not require physical security of all hosts on the network; it assumes that packets transmitted on the network can be arbitrarily read, modified, and inserted. Under these conditions, Kerberos acts as a trusted third-party authentication service, performed with conventional cryptography (such as shared keys).

The authentication process is as follows. The client sends a request to the authentication server (AS), asking for credentials for a given server, and the AS responds with those credentials encrypted with the client's key. The credentials consist of: 1) a "ticket" for the server; 2) a temporary encryption key (also known as a "session key"). The client then transmits the ticket to the server, with a server identity and a session key encrypted with the server's key. The session key, now shared by the client and the server, can be used to authenticate the client or to authenticate the server. It can also be used to encrypt further communication between the two parties, or to exchange a separate sub-session key that encrypts further communication.
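The exchange described above, as an added example that is not part of the original page: the AS issues credentials, the client opens them with its own key, and the server accepts the ticket and checks a proof made with the session key. Assumptions: the principals `alice` and `fileserver`, all function names, and the toy `seal`/`unseal` cipher, which stands in for Kerberos's real encryption types. The timestamped proof is how Kerberos uses the session key to authenticate the client and goes beyond what the page spells out.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a keystream (toy cipher, an assumption of this example)
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared key."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; fails on a wrong key or a modified message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Long-term keys the AS shares with each principal (constructed sample values)
KEYS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def as_reply(client, server, lifetime=300):
    """AS: issue credentials (ticket + session key), encrypted with the client key."""
    session = os.urandom(32).hex()
    ticket = seal(KEYS[server], {"client": client, "session": session,
                                 "expires": time.time() + lifetime})
    return seal(KEYS[client], {"server": server, "session": session, "ticket": ticket.hex()})

def client_request(client, client_key, reply):
    """Client: open the credentials, forward the ticket plus proof of the session key."""
    creds = unseal(client_key, reply)
    session = bytes.fromhex(creds["session"])
    proof = seal(session, {"client": client, "ts": time.time()})
    return bytes.fromhex(creds["ticket"]), proof, session

def server_accept(server_key, ticket, proof, skew=300):
    """Server: decrypt the ticket with its own key, then check the client's proof."""
    t = unseal(server_key, ticket)
    p = unseal(bytes.fromhex(t["session"]), proof)
    now = time.time()
    if now > t["expires"] or p["client"] != t["client"] or abs(now - p["ts"]) > skew:
        raise ValueError("expired ticket or mismatched client")
    return t["client"], bytes.fromhex(t["session"])
```

The client never holds the server's key and cannot read or alter the ticket; a packet modified in transit fails the tag check in `unseal`, which matches the page's assumption that the network is untrusted.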

For more information, please visit the following pages: Chinese version: http://www.networkDictionary.com/chinese/protocols/kerberos.php

English: http://www.networkDictionary.com/protocols/kerberos.php
