DFIR Lab

How Kerberos works

Kerberos is an authentication protocol that provides secure authentication over an insecure network. It was originally developed by MIT in the 1980s and is named after the mythical three-headed dog, Cerberus[1]. Kerberos authentication involves multiple components working together to verify and authenticate user identities[2][3]:

  1. Client: The client is the user or entity that wants to access a service.
  2. Authentication Server (AS): The AS performs the initial authentication when a client requests access to a service. It verifies the client’s identity and issues a Ticket Granting Ticket (TGT) on successful authentication.
  3. Ticket Granting Server (TGS): The TGS is responsible for issuing service tickets. It connects the client to the service server.
  4. Key Distribution Center (KDC): The KDC consists of the AS and TGS. It contains a database that stores user credentials and acts as a trusted third party in the authentication process.
  5. Service Server (SS): The SS is the server that hosts the service the client wants to access.

Here’s an overview of how Kerberos authentication works:

  1. Authentication: The client sends a request to the AS for a TGT. The request includes the client’s credentials.
  2. Ticket Granting Ticket (TGT) Issuance: The AS verifies the client’s credentials, generates a TGT if successful, and sends it to the client. The TGT is encrypted with the client’s password.
  3. Ticket Granting Service (TGS) Request: The client wants to access a specific service on the SS. It sends a TGS request to the TGS, including the TGT and the details of the requested service.
  4. Service Ticket Issuance: The TGS verifies the TGT and the client’s authorization for the requested service. If valid, the TGS issues a service ticket that contains a session key encrypted with the service’s key.
  5. Access to Service: The client sends the service ticket to the SS along with a timestamp and other necessary details. The SS decrypts the service ticket using its own key and verifies the client’s authenticity and authorization. If successful, the client is granted access to the requested service.

Throughout the process, cryptography is employed to protect the integrity of the exchanged information and to prevent unauthorized access[4][5]. The use of tickets and session keys allows for secure authentication and reduces the need for continuously transmitting passwords over the network.

It’s important to note that this is a simplified explanation of Kerberos authentication. The protocol also handles ticket renewals, ticket caches, and other security aspects to ensure secure and reliable authentication.

Sources:

  1. Kerberos Authentication Overview | Microsoft Learn
  2. How Does Kerberos Work? The Authentication Protocol Explained
  3. What Is Kerberos? Kerberos Authentication Explained | Fortinet
  4. How Kerberos Authentication Works – phoenixNAP
  5. What is Kerberos and How Does it Work? – TechTarget

Posted

in

by

kb

Tags: