HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

Kerberos Support
Kerberos Overview
Kerberos is an authentication protocol that uses shared secrets and
encryption to protect the keys exchanged between an authenticator, an
authenticatee, and a resource that the authenticatee needs to access.
In the particular case of HP CIFS Server, the roles are as follows:
Windows Key Distribution Center (KDC): Authenticator
Windows client: Authenticatee
HP CIFS Server: Resource
The protocol exchanges never pass actual passwords over the wire, so a
password cannot be sniffed and decrypted to gain access to a resource.
Instead, encrypted keys are passed over the wire, and the 3 principals
(KDC, Windows client, and CIFS server) each use pre-arranged secrets to
decode the keys and allow access. The secrets are not transferred.
The critical components of the exchanges are:
Windows Key Distribution Center (KDC): Central Kerberos Authority for a domain
Long-Term Key: Persistent key that is derived from a client’s password
Session Key: Short-term key that is used for authentication before it expires
Ticket Granting Ticket (TGT): Allows a client access to the KDC to get a service ticket from TGS
Ticket Granting Service (TGS): Exchange that provides client access to a CIFS server’s service
Authentication Service: Exchange that actually allows client access to the KDC
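The following is an added example, not taken from the HP guide or from any Kerberos implementation: a simplified Python model of the Authentication Service, TGS, and client-to-CIFS-server exchanges, showing that only sealed keys and tickets cross the wire. The principal names (alice, krbtgt, cifs/hpserver), the password, and the seal/unseal toy cipher are constructed assumptions; real Kerberos adds pre-authentication, nonces, replay checks, and standard encryption types.

```python
import hashlib, hmac, json, os, time

def long_term_key(password, principal):  # stand-in for Kerberos string-to-key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption, NOT a real Kerberos encryption type.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def new_ticket(service_key, client_key, client):
    # KDC side: one session key, sealed once for the service and once for the client.
    sk = os.urandom(32).hex()
    ticket = seal(service_key, {"client": client, "key": sk, "exp": time.time() + 600})
    return ticket, seal(client_key, {"key": sk})

def accept(service_key, ticket, authenticator):
    # Service side (TGS or CIFS server): open ticket with own key, check authenticator.
    t = unseal(service_key, ticket)
    if t["exp"] < time.time():
        raise ValueError("ticket expired")
    if unseal(bytes.fromhex(t["key"]), authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]

def logon(typed_password, real_password="S3cret!pw"):  # constructed sample values
    kdc = {"alice": long_term_key(real_password, "alice"),
           "krbtgt": os.urandom(32), "cifs/hpserver": os.urandom(32)}
    me = lambda k: seal(k, {"client": "alice", "ts": time.time()})
    tgt, as_rep = new_ticket(kdc["krbtgt"], kdc["alice"], "alice")         # AS exchange
    k1 = bytes.fromhex(unseal(long_term_key(typed_password, "alice"), as_rep)["key"])
    auth1 = me(k1)
    who = accept(kdc["krbtgt"], tgt, auth1)                                # TGS exchange
    svc_ticket, tgs_rep = new_ticket(kdc["cifs/hpserver"], k1, who)
    k2 = bytes.fromhex(unseal(k1, tgs_rep)["key"])
    auth2 = me(k2)
    wire = [tgt, as_rep, auth1, svc_ticket, tgs_rep, auth2]
    return accept(kdc["cifs/hpserver"], svc_ticket, auth2), wire           # CIFS server
```

A client that types the wrong password fails at the first unseal, because it cannot derive the long-term key needed to open the KDC's reply.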
For a comprehensive Microsoft Kerberos implementation white paper,
refer to the following web site:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/kerbers.mspx