Manualshelf

Configuration Guide for Kerberos Client Products on HP-UX

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
21222324252627282930
Overview
Authentication Process
Chapter 126
Time stamp
Nonce
Step 2. If the AS decrypts the message successfully, it authenticates the
requesting user and issues a TGT. The TGT contains the user name, a
session key for your use, and name of the server to be used for any
subsequent communication. The reply message is encrypted using your
secret key.
NOTE The AS decrypts the request only when the pre-authentication option is
set in the AS request. If the pre-authentication option is not set, the AS
issues the TGT if the principal is available in the Kerberos database.
Step 3. The client decrypts the message using your secret key. The TGT and the
session key from the message are stored in the clients credential cache.
These credentials are used to obtain tickets for each network service the
principal wants to access.
The Kerberos protocol exchange has the following important features:
The authentication scheme does not require that the password be
sent across the network, either in encrypted form or in clear text.
The client (or any other user) cannot view or modify the contents of
the TGT.
Step 4. To obtain access to a secured network service such as rlogin, rsh, rcp,
ftp, or telnet, the requesting client application uses the previously
obtained TGT in a dialogue with the TGS to obtain a service ticket. The
protocol is the same as used while obtaining the TGT, except that the
messages contain the name of the server and a copy of the previously
obtained TGT.
Step 5. The TGS returns a new service ticket that the application client can use
to authenticate to the service. The service ticket is encrypted with the
service key shared between the KDC and the application server.
Step 6. The application server authenticates the client using the service key
present in the keytab file. It decrypts the service ticket using the service
key and extracts the session key. Using the session key, the server
decrypts the authenticator and verifies the identity of the user. It also