Review: Kerberos Credentials
Ticket
- Allows user to use a service (actually authenticate to it)
- Used to securely pass the identity of the user to whom the ticket is issued between the KDC and the application server
- Kb{“alice”, Kab, lifetime}
Authenticator
- Proves that the user presenting the ticket is the user to whom the ticket was issued
- Proof that user knows the session key
- Prevents ticket theft from being useful
- Prevents replay attacks (timestamp encrypted with the session key): Kab{timestamp}, in combination with a replay cache on the server
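
The server-side checks these two credentials imply, as an added example (not from the original slides): the server opens the ticket with Kb, uses the Kab inside it to open the authenticator, then applies a timestamp window and a replay cache. The seal/unseal helpers are a toy HMAC-based stand-in for K{...}, not a Kerberos encryption type; the 300-second window, the field names and the AppServer class are assumptions.

```python
import hashlib, hmac, json, os
SKEW = 300  # assumed acceptance window for authenticator timestamps, in seconds

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Toy keystream built from HMAC-SHA256; stands in for K{...} on the slide.
    stream = b"".join(_mac(key, nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, obj):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + _mac(key, b"tag" + nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag" + nonce + ct)):
        return None  # wrong key or modified message
    return json.loads(_xor(key, nonce, ct))

class AppServer:
    def __init__(self, kb):
        self.kb, self.replay_cache = kb, set()

    def accept(self, ticket, authenticator, now):
        t = unseal(self.kb, ticket)  # Kb{"alice", Kab, lifetime}
        if t is None or now > t["expires"]:
            return "bad or expired ticket"
        a = unseal(bytes.fromhex(t["kab"]), authenticator)  # Kab{timestamp}
        if a is None:
            return "no proof of session key"
        if abs(now - a["timestamp"]) > SKEW:
            return "stale timestamp"
        entry = (t["client"], a["timestamp"])
        if entry in self.replay_cache:
            return "replay"
        self.replay_cache.add(entry)
        return "ok: " + t["client"]

def demo():
    kb, kab, now = os.urandom(32), os.urandom(32), 1_000_000  # constructed keys and clock
    server = AppServer(kb)
    ticket = seal(kb, {"client": "alice", "kab": kab.hex(), "expires": now + 3600})
    auth = seal(kab, {"timestamp": now})
    forged = seal(os.urandom(32), {"timestamp": now})  # ticket holder without Kab
    return [server.accept(ticket, auth, now), server.accept(ticket, auth, now + 1),
            server.accept(ticket, forged, now), server.accept(ticket, auth, now + SKEW + 1)]
```

The last case in `demo()` shows why the two checks work in combination: once the timestamp falls outside the window it is rejected on age alone, so the replay cache only has to remember authenticators for the length of that window.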