Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Overview
Authentication Process
Chapter 1
Kerberos-secured applications perform this optional step. First, the
service modifies the data in the authenticator with an algorithm known
to the client. The authenticator is then encrypted with the session key and
returned to the client. The client uses its copy of the session key to
decrypt the authenticator and verifies that the data was properly
modified.
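
The optional step above, as an added sketch that is not code from this manual or from the Kerberos Server: it shows why the service must modify the authenticator data rather than echo it back. Assumptions: the modification is "timestamp + 1" (the manual does not name the algorithm), the function names are hypothetical, and seal/unseal is a stand-in HMAC-SHA256 cipher, not a Kerberos encryption type.

```python
import hashlib, hmac, os, struct

def _keystream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode); NOT a Kerberos enctype.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC under the shared session key.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed: wrong session key or tampering")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def client_authenticator(session_key, timestamp):
    # Client side: authenticator data (here only a timestamp) under the session key.
    return seal(session_key, struct.pack(">Q", timestamp))

def service_reply(session_key, authenticator):
    # Service side: decrypt, apply the agreed modification (assumed: +1), re-encrypt.
    (ts,) = struct.unpack(">Q", unseal(session_key, authenticator))
    return seal(session_key, struct.pack(">Q", ts + 1))

def client_verifies(session_key, sent_timestamp, reply):
    # Client side: accept only a reply that decrypts AND carries the modified value.
    try:
        (value,) = struct.unpack(">Q", unseal(session_key, reply))
    except (ValueError, struct.error):
        return False
    return value == sent_timestamp + 1

if __name__ == "__main__":
    key, ts = os.urandom(32), 1700000000   # constructed session key and timestamp
    auth = client_authenticator(key, ts)
    print("genuine service accepted:", client_verifies(key, ts, service_reply(key, auth)))
    print("echoed authenticator accepted:", client_verifies(key, ts, auth))
    print("reply under wrong key accepted:",
          client_verifies(key, ts, client_authenticator(os.urandom(32), ts + 1)))
```

An echoed authenticator decrypts correctly under the session key, so only the check on the modified value distinguishes it from a reply produced by a party that actually holds the key.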
The most important aspect of this authentication protocol is that it is
based on shared secrets between the Kerberos Server and each
principal, that is, the user and service principals. The service principal
that successfully decrypts a ticket can trust that the Kerberos Server
created and encrypted the ticket, since only the server and the service
principal share the key that correctly encrypted and decrypted the ticket.
A user can view the tickets issued to them by running klist.