
Kerberos: Man’s Best Friend

Upload: cassandra-walton

Post on 14-Jan-2016


Page 1: Kerberos: Man’s Best Friend. Introduction and Summary The Authentication Problem Password-Based Authentication Kerberos Comparison Conclusion

Kerberos: Man’s Best Friend

Page 2:

Introduction and Summary

• The Authentication Problem

• Password-Based Authentication

• Kerberos

• Comparison

• Conclusion

Page 3:

The Authentication Problem

• Users and Services

• Who are you?

• What do you want?

• Why do you keep touching me?

Page 4:

Password-Based Authentication

• Users and Services Redux

• Password Files and Hashing

• One User, One Password, One Service

• Password Synchronization Methods

Page 5:

Kerberos

• Why the Silly Name?

• A Bit of History

• General Aims and Goals

Page 6:

Building Security: A Real-World Example

• Authentication: The Guards Know You

• Services: Why You Don’t Show Your Badge at the Water Cooler

Page 7:

Encryption: How to Use Your Password Without Using Your Password

• Everything is a Number

• Public-Key vs. Private-Key (Conventional)

• Passwords = Shared Knowledge

Page 8:

Basics of a Kerberos Transaction

• Son of Users and Services

• Everybody Gets a Password

• Centralized Password Authority

• A Sample Packet: Example Ticket
password{user:client:service:expires:time}

Page 9:

Session Keys and Services

• Why Do We Need Session Keys?
– Replay Attacks
– Passwords != Shared Knowledge
– Authenticating the Authenticator

• A Sample Packet: User Authentication
session{username:address} + password{session:user:client:service:expires:time}

Page 10:

Ticket-Granting Tickets (And Other Self-Referential Nonsense)

• Tickets Are a Service Too
– Ticket-Granting Servers Grant Tickets
– Timestamps Stamp Times
– Expiration Expires

• One User, One Password, Many Services
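The sample packets on the preceding slides (a ticket sealed under the service's password-derived key, an authenticator sealed under the session key, and the timestamp and expiry checks that defeat replay) can be modelled end to end. The following Python is an added teaching example, not code from the presentation and not the Kerberos wire format: the principal names, addresses and passwords are constructed placeholders, the `string2key` function and the symmetric cipher are standard-library stand-ins for the real Kerberos primitives (RFC 3962 specifies AES and its own string-to-key), and the replay cache and 300-second skew window follow common Kerberos practice rather than any one implementation.

```python
"""Toy model of a Kerberos ticket/authenticator exchange (constructed example).
Not the Kerberos wire format; the symmetric cipher below is a stand-in built
from the standard library (HMAC-SHA256 keystream plus HMAC tag) so it runs
offline. Real Kerberos uses AES per RFC 3962 and a different string2key."""
import hashlib, hmac, json, os, secrets, time


def string2key(password: str, principal: str) -> bytes:
    """Stand-in for Kerberos string2key: long-term key derived from a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 100_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, fields: dict) -> bytes:
    """Authenticated encryption of a field dict: nonce || ciphertext || tag."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered packet")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Centralized password authority: holds every principal's long-term key."""
    def __init__(self, keys: dict):
        self.keys = keys

    def issue_ticket(self, user, client, service, lifetime=8 * 3600, now=None):
        now = time.time() if now is None else now
        session = secrets.token_bytes(32)
        # Ticket: password{session:user:client:service:expires:time}, sealed under the SERVICE key
        ticket = encrypt(self.keys[service], {"session": session.hex(), "user": user, "client": client,
                                              "service": service, "expires": now + lifetime, "time": now})
        # Reply sealed under the USER key: only someone who knows the password can
        # recover the session key, yet the password itself never goes on the wire.
        reply = encrypt(self.keys[user], {"session": session.hex(), "service": service,
                                          "expires": now + lifetime})
        return ticket, reply


def make_authenticator(session: bytes, user, client, now=None):
    """session{username:address:time}: proves the client holds the session key."""
    now = time.time() if now is None else now
    return encrypt(session, {"username": user, "address": client, "time": now})


class Service:
    MAX_SKEW = 300  # seconds; the conventional Kerberos clock-skew window

    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, {}  # seen = replay cache

    def verify(self, ticket, authenticator, peer_addr, now=None):
        now = time.time() if now is None else now
        t = decrypt(self.key, ticket)  # only the service key opens the ticket
        if t["service"] != self.name:
            raise PermissionError("ticket issued for another service")
        if not t["time"] - self.MAX_SKEW <= now <= t["expires"]:
            raise PermissionError("ticket expired or not yet valid")
        session = bytes.fromhex(t["session"])
        a = decrypt(session, authenticator)  # only the session key opens this
        if (a["username"], a["address"]) != (t["user"], t["client"]) or peer_addr != t["client"]:
            raise PermissionError("authenticator does not match ticket")
        if abs(now - a["time"]) > self.MAX_SKEW:
            raise PermissionError("stale authenticator")
        self.seen = {k: v for k, v in self.seen.items() if v > now}  # purge expired entries
        if (a["username"], a["time"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen[(a["username"], a["time"])] = now + self.MAX_SKEW
        # Mutual authentication: echo the client's timestamp under the session key
        return t["user"], encrypt(session, {"time": a["time"]})


def demo():
    """One honest exchange, then a replayed authenticator and an expired ticket."""
    # Constructed principals and placeholder passwords, for this example only.
    kdc = KDC({"alice": string2key("placeholder-user-pw", "alice"),
               "fileserver": string2key("placeholder-svc-pw", "fileserver")})
    fs = Service("fileserver", kdc.keys["fileserver"])
    now = 1_700_000_000.0
    ticket, reply = kdc.issue_ticket("alice", "10.0.0.5", "fileserver", now=now)
    session = bytes.fromhex(decrypt(string2key("placeholder-user-pw", "alice"), reply)["session"])
    auth = make_authenticator(session, "alice", "10.0.0.5", now=now + 1)
    user, mutual = fs.verify(ticket, auth, "10.0.0.5", now=now + 2)
    results = {"user": user, "mutual_ok": decrypt(session, mutual)["time"] == now + 1}
    late = make_authenticator(session, "alice", "10.0.0.5", now=now + 9 * 3600)
    for label, a, when in (("replay", auth, now + 3), ("expired", late, now + 9 * 3600)):
        try:
            fs.verify(ticket, a, "10.0.0.5", now=when)
        except PermissionError as e:
            results[label] = str(e)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` walks through the slides' three points in order: the user's password is used only locally to unseal the KDC reply, so "using your password without using your password" holds; the service learns the session key from the ticket and the authenticator proves the client has it too; and the timestamp check plus the replay cache reject the second presentation of the same authenticator, while the expiry field rejects a ticket presented after its lifetime. The mutual-authentication reply is what "Authenticating the Authenticator" refers to: a service that could not open the ticket could not produce it.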

Page 11:

Realms

• Kerberos’ Scalability Problems

• Remote Ticket-Granting Servers

• Hierarchical Encapsulation

Page 12:

Why You Should Use Kerberos (An Unbiased Review)

• Unified Password Schemes and Psychology

• Synchronization Issues Disappear

• Secure Passwords are Secure

• Administrators Save Time and Energy

Page 13:

Problems with Kerberos

• Unified Password Schemes and Psychology

• Public Terminals and Replay Attacks

• Supported Applications

Page 14:

General Security Problems (Users Aren’t Too Bright)

• Bad Passwords are Bad

• Good Passwords are Bad

• Security Workarounds for Convenience

Page 15:

Conclusion: Is Kerberos Right for Me?

• Size Does Matter (A Little)

• Predicting the Future for Fun and Profit

• Windows 2000: Engulfed in Evil

Page 16:

Any Questions?

Thank you for enduring my presentation.

Those of you with questions, please ask them.

The rest of you may watch a dancing monkey: