Figure (text recovered from screenshot): The Kerberos authentication system at work

USER
Enters name and requests service (access to data warehouse).
Sends request to KDC.

2 KERBEROS KEY DISTRIBUTION CENTER (KDC)
Components shown: authentication service; ticket-granting service; database of user names, service names, secret keys.
Checks database to verify user's access rights.
Generates random session key.
Creates ticket, which includes identifying information such as user name, requested service name, time stamp, and expiration time.
Encrypts ticket plus session key with requested service key.
Encrypts both with user's key and sends back to requesting workstation.

3 WORKSTATION CLIENT SOFTWARE (user workstation)
Receives ticket and prompts user for password.
Translates password to user's secret key.
Uses secret key to decrypt ticket and session key.
Creates authenticator from properly decrypted ticket/session key.
Sends copy of ticket plus authenticator to requested service.

INTERNET / INTRANET
An eavesdropper sniffing network traffic will pick up nothing but encrypted data.

4 ORACLE DATA WAREHOUSE
Receives ticket plus authenticator.
Decrypts ticket plus authenticator using its own key.
Confirms that requested service in ticket has valid name.
Removes session key from the ticket and uses session key to decrypt authenticator.
Checks time stamp of authenticator to ensure request is valid.
If all confirms, processes user request.

Other labels in the figure: OTHER CLIENTS.