Define Kerberos. What are the key benefits of Kerberos? How is it managed in a Windows 2000 system?

Definition: Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Benefits of Kerberos

· The benefit to end-users of a network running Kerberos is that Single Sign On (SSO) is maintained: users are not required to authenticate separately with each resource they wish to access in the network, and since trusts in Windows 2000 are transitive, once a user logs on to one domain, s/he will have access to the other domains of the network.

· Another key benefit of Kerberos is that it provides a mechanism for verifying the origin of each message, not just the user's initial authentication. This means that in a Kerberos network, if a message says it came from User X, you can be very confident it did indeed come from User X.

Kerberos in Windows 2000

In Windows 2000 no action is required to implement Kerberos. Kerberos is used by default to authenticate network clients (running Windows 2000) logging on to a Windows 2000 domain. It should be noted, however, that Windows 2000 is able to interoperate with non-Windows 2000 machines running Kerberos.

When a user begins the log on process by entering his credentials, Windows contacts an Active Directory domain controller and locates the Kerberos Key Distribution Center (KDC). An Authentication Server (AS) performs the actual authentication. The KDC responds by issuing a Ticket Granting Ticket (TGT) to the authenticated user. The TGT contains identification information about this user for the various servers on the network, and is used to gain further access in the network. After the user account has been authenticated, the TGT is used to request further Kerberos tickets in order to access network services. The machine that provides the tickets for network resources to the authenticated client is known as the Ticket Granting Server (TGS).
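The AS and TGS exchanges described above, modelled as an added example (not Windows code and not part of the original answer). It uses a toy hash-based stream cipher with an HMAC tag in place of Kerberos' real encryption types, and the principals, keys and service name are constructed for illustration; what it shows is that the client never learns the KDC key, so it cannot forge a TGT, and that the service ticket is readable only by the service it was issued for.

```python
import hashlib, hmac, json, secrets, time
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under a symmetric key (toy construction, illustration only)."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the MAC, then decrypt; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed long-term secrets: every principal shares exactly one key with the KDC.
KDC_KEY = hashlib.sha256(b"krbtgt-secret").digest()                     # protects TGTs
USER_KEYS = {"alice": hashlib.sha256(b"alice-password").digest()}       # derived from password
SERVICE_KEYS = {"cifs/fileserver": hashlib.sha256(b"fileserver-secret").digest()}

def as_exchange(user: str) -> tuple:
    """Authentication Server: TGT sealed under the KDC key + session key sealed under the user's key."""
    sk = secrets.token_bytes(32)
    tgt = seal(KDC_KEY, {"user": user, "sk": sk.hex(), "exp": time.time() + 600})
    return tgt, seal(USER_KEYS[user], {"sk": sk.hex()})

def tgs_exchange(tgt: bytes, authenticator: bytes, service: str) -> tuple:
    """Ticket Granting Server: checks TGT and authenticator, issues a ticket for the service."""
    t = unseal(KDC_KEY, tgt)                       # only the KDC can open a TGT
    if t["exp"] < time.time():
        raise ValueError("TGT expired")
    auth = unseal(bytes.fromhex(t["sk"]), authenticator)
    if auth["user"] != t["user"] or abs(auth["ts"] - time.time()) > 300:
        raise ValueError("authenticator rejected")   # name mismatch or outside replay window
    ssk = secrets.token_bytes(32)
    ticket = seal(SERVICE_KEYS[service], {"user": t["user"], "ssk": ssk.hex()})
    return ticket, seal(bytes.fromhex(t["sk"]), {"ssk": ssk.hex()})

def client_login(user: str, password: str, service: str) -> dict:
    """Client: AS exchange, then TGS exchange; finally show what the service itself can read."""
    user_key = hashlib.sha256(password.encode()).digest()
    tgt, enc = as_exchange(user)
    sk = bytes.fromhex(unseal(user_key, enc)["sk"])   # wrong password -> ValueError here
    auth = seal(sk, {"user": user, "ts": time.time()})
    ticket, enc2 = tgs_exchange(tgt, auth, service)
    ssk = unseal(sk, enc2)["ssk"]
    served = unseal(SERVICE_KEYS[service], ticket)     # the file server opens it with its own key
    return {"user": served["user"], "key_match": served["ssk"] == ssk}
```

A wrong password fails at the client when it cannot open the AS reply, and a TGT the client seals itself (without KDC_KEY) is rejected by the TGS.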