Kerberos Security

Video Transcription
00:00
>> Hey, Cybrarians. Welcome back to
00:00
the Linux Plus Course here at Cybrary.
00:00
I'm your instructor Rob Gills.
00:00
In today's lesson, we're going to
00:00
be covering Kerberos Security.
00:00
Upon completion of today's lesson,
00:00
you are going to be able to understand the history and
00:00
benefits of using Kerberos for authentication.
00:00
We're going to talk about how
00:00
Kerberos is structured and then,
00:00
also talk about the purpose of
00:00
the kinit utility and the klist command.
00:00
Kerberos was released as open-source by MIT in 1987.
00:00
It was used to support single sign-on.
00:00
The idea is you sign on once and then you're
00:00
able to access any server on the network.
00:00
This is actually named for
00:00
the mythical Greek creature that guards Hades,
00:00
a three-headed dog that's named
00:00
Kerberos or Cerberos or Cerberus.
00:00
It is preferred for
00:00
public network authentication because
00:00
it uses encrypted tickets.
00:00
Kerberos tickets work just like a ticket to
00:00
a movie or work show or whatever.
00:00
It can only be used for that event and
00:00
when the event ends, the ticket expires.
00:00
Kerberos is made up of three components.
00:00
There's the Authentication Server,
00:00
or AS as is abbreviated.
00:00
This initiates the authentication
00:00
process when the user logs in,
00:00
we can see that on the right-hand side,
00:00
the client logs in,
00:00
sends an AS request to the authentication server,
00:00
and then gets an AS reply.
00:00
From here on, this directs
00:00
the login process through
00:00
>> all Kerberos servers involved.
00:00
>> The next thing that happens is
00:00
the Key Distribution Center or KDC.
00:00
What happens is that the Authentication Server, the AS,
00:00
passes login requests to the KDC and
00:00
it issues a ticket-granting ticket.
00:00
The ticket-granting ticket,
00:00
the TGT, is encrypted and it has
00:00
a time limit for which it's valid.
00:00
Remember what I said about tickets,
00:00
they're only valid for some period of
00:00
time after that, they're invalid,
00:00
and then finally, there's the ticket-granting service,
00:00
the TGS, which we see below,
00:00
the ticket-granting service, and
00:00
>> ticket-granting server.
00:00
>> The user can access any server,
00:00
also using the authentication system,
00:00
and then the servers go to the TGS to check
00:00
the ticket validity and validate
00:00
that the user can log in through that system.
00:00
In terms of the tools that are
00:00
used for Kerberos, there are two,
00:00
that might be on
00:00
the Linux Plus exam and are in the objectives.
00:00
The first of them is the kinit utility and
00:00
kinit is used in Kerberos to obtain
00:00
>> an individual ticket.
00:00
>> The TGS actually uses the kinit utility to cache
00:00
the ticket and in that cache
00:00
can be used for future authentication.
00:00
The klist command is what you can use to
00:00
view the tickets that are contained in that cache.
00:00
For example, you can use klist
00:00
with -v for verbose details,
00:00
and that will tell you information
00:00
about the stuff that's in the cache,
00:00
such as the ticket link and
00:00
the expiration time of those tickets.
00:00
With that, we've reached the end of the lesson.
00:00
In this lesson, we covered the history and
00:00
benefits of using Kerberos for authentication.
00:00
We talked about the components and
00:00
>> structure of Kerberos,
00:00
>> the AS, the KDC, and the TGS.
00:00
Finally, we talked about the purpose of
00:00
the kinit utility and the klist command.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.