2 cissp ® Official Study Guide Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

5. The KDC then transmits the encrypted symmetric key and the encrypted time-stamped TGT to the client.
6. The client installs the TGT for use until it expires. The client also decrypts the symmetric key using a hash of the user's password.

Note that the client's password is never transmitted over the network, but it is verified. The server encrypts a symmetric key using a hash of the user's password, and it can only be decrypted with a hash of the user's password. As long as the user enters the correct password, this step works. However, it fails if the user enters the incorrect password.
When a client wants to access an object, such as a resource hosted on the network, it must request a ticket through the Kerberos server. The following steps are involved in this process:
1. The client sends its TGT back to the KDC with a request for access to the resource.
2. The KDC verifies that the TGT is valid and checks its access control matrix to verify that the user has sufficient privileges to access the requested resource.
3. The KDC generates a service ticket and sends it to the client.
4. The client sends the ticket to the server or service hosting the resource.
5. The server or service hosting the resource verifies the validity of the ticket with the KDC.
6. Once identity and authorization are verified, Kerberos activity is complete. The server or service host then opens a session with the client and begins communications or data transmission.
Kerberos is a versatile authentication mechanism that works over local LANs, remote access, and client-server resource requests. However, Kerberos presents a single point of failure—the KDC. If the KDC is compromised, the secret key for every system on the network is also compromised. Also, if a KDC goes offline, no subject authentication can occur.
It also has strict time requirements, and the default configuration requires that all systems be time-synchronized within five minutes of each other. If a system is not synchronized or the time is changed, a previously issued TGT will no longer be valid and the system will not be able to receive any new tickets. In effect, the client will be denied access to any protected network resources.
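The following toy model, added here and not part of the study guide, walks through the two flows above: the KDC sealing a session key under the user's password hash (logon steps 5 and 6) and the KDC validating a time-stamped TGT before issuing a service ticket, including the five-minute clock-skew window. The XOR "cipher", the HMAC-sealed ticket format, the user directory and the 8-hour lifetime are constructed stand-ins, not real Kerberos message formats or algorithms.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300           # default tolerance: clocks within five minutes
TGT_LIFETIME = 8 * 3600  # constructed: an 8-hour TGT

def derive_key(password: str) -> bytes:
    # Both sides hold a hash of the password; the password itself never crosses the wire.
    return hashlib.sha256(password.encode()).digest()

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the real cipher: XOR with a SHA-512 keystream (symmetric, demo only).
    stream = hashlib.sha512(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class KDC:
    def __init__(self, user_db: dict):
        self.kdc_key = os.urandom(32)  # the KDC's own long-term secret
        self.user_db = user_db          # user -> password hash (constructed directory)

    def _seal(self, ticket: dict) -> bytes:
        body = json.dumps(ticket, sort_keys=True).encode()
        return body + hmac.new(self.kdc_key, body, "sha256").digest()

    def _open(self, sealed: bytes) -> dict:
        body, tag = sealed[:-32], sealed[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.kdc_key, body, "sha256").digest()):
            raise ValueError("ticket tampered or forged")
        return json.loads(body)

    def logon(self, user: str, now: float):
        # Logon steps 5-6: session key sealed under the password hash, plus a time-stamped TGT.
        session_key, nonce = os.urandom(32), os.urandom(16)
        check = hashlib.sha256(session_key).digest()[:8]  # lets the client detect a bad password
        blob = toy_cipher(self.user_db[user], nonce, session_key + check)
        tgt = self._seal({"user": user, "issued": now, "expires": now + TGT_LIFETIME})
        return nonce, blob, tgt

    def service_ticket(self, tgt: bytes, client_time: float, now: float) -> dict:
        # Resource-access steps 1-3: validate the TGT, enforce lifetime and the skew window.
        ticket = self._open(tgt)
        if now > ticket["expires"]:
            raise ValueError("TGT expired")
        if abs(client_time - now) > MAX_SKEW:
            raise ValueError("clock skew too great")
        return {"user": ticket["user"], "granted": now}

def client_recover_session_key(password: str, nonce: bytes, blob: bytes) -> bytes:
    # Client side of step 6: only the correct password yields a key whose check value matches.
    plain = toy_cipher(derive_key(password), nonce, blob)
    key, check = plain[:32], plain[32:]
    if hashlib.sha256(key).digest()[:8] != check:
        raise ValueError("wrong password")
    return key
```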