[Figure: authentication diagram with steps numbered 1 to 5. Labels: enter user name, password and domain name; hash of server password; 16-bit nonce.]
Kerberos Authentication
How the client gets the initial TGT from the KDC:
• The user logs in to the client with a username and password.
• The client encrypts the password and saves it.
• The client sends the KDC a message requesting credentials for the TGT
service, along with the user's encrypted password.
• The KDC compares the encrypted password with its master copy to make
sure they match. It also checks the timestamp the client added to the
request to make sure it is within five minutes of its own time.
• If everything matches, the KDC creates the requested credentials for the
TGT service by creating a logon session key and encrypting it with the
user's key.
• The KDC also creates another credential by encrypting the logon session
key and a TGT for the user with its own master key.
• The KDC then sends both credentials to the client.
• The client decrypts the logon session key from the first credential using its
encrypted password, and it stores that logon session key in its ticket cache.
• The client also stores the TGT in its ticket cache.
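A minimal model of the exchange listed above, added here as an illustration; it is not code from the original document or from any Kerberos implementation. Assumptions: PBKDF2 stands in for the Kerberos string-to-key function, seal/unseal are a toy HMAC-SHA256 construction rather than a real encryption type, the client proves it holds the key by sealing its timestamp with it, and the class, function and realm names are hypothetical.

```python
import hashlib, hmac, os, time

MAX_SKEW = 5 * 60  # seconds: the five-minute window the KDC enforces

def string_to_key(password, salt):
    # Assumption: PBKDF2 stands in for Kerberos' own string-to-key function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Toy HMAC-SHA256 counter-mode keystream, not a real Kerberos enctype.
    ks = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, data)
    return nonce + ct + _mac(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + ct)):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return _xor(key, nonce, ct)

class KDC:
    def __init__(self, realm, users):
        self.master = os.urandom(32)  # the KDC's own master key
        self.keys = {u: string_to_key(p, realm + u) for u, p in users.items()}

    def as_request(self, user, sealed_ts):
        try:  # unknown user and wrong password get the same error
            key = self.keys[user]
            ts = float(unseal(key, sealed_ts).decode())
        except (KeyError, ValueError):
            raise PermissionError("pre-authentication failed")
        if abs(time.time() - ts) > MAX_SKEW:
            raise PermissionError("clock skew too great")
        session = os.urandom(32)  # logon session key
        # First credential: for the client. Second: TGT, sealed with the master key.
        return seal(key, session), seal(self.master, session + user.encode())

def client_login(kdc, realm, user, password, client_time=None):
    key = string_to_key(password, realm + user)
    ts = repr(time.time() if client_time is None else client_time).encode()
    cred, tgt = kdc.as_request(user, seal(key, ts))
    return {"session_key": unseal(key, cred), "tgt": tgt}  # the ticket cache
```

The client can read the logon session key but not the TGT, which only the KDC's master key opens; a clock more than five minutes off is rejected even with the right password.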
.NET Passport Authentication