18 Oct 2025
Kerberos
kerberos v4
Auth server in kerberos
- Use DES to provide auth.
- Store passwords in a central server.
- Each server that is a client of the scheme has a unique key
tix granting server
- Each user is granted a ticket from the server.
- Each time a user needs a new service, it auths itself with the TGS using the ticket generated.
- TGS grants a service-specific ticket to the user.
Shortcomings of kerberos
- Fixed enc algo.
- Fixed time granularity - 5 mins.
- Double encryption in some cases.
- Replay attacks on session keys.
- Password attacks on messages from AS to client.
