logo_kerberos.gif

Difference between revisions of "User:TomYu/KDC processing"

From K5Wiki
Jump to: navigation, search
(New page: * Authenticate request content ** PKINIT (AS) ** PA-TGS-REQ (TGS) ** FAST (AS or TGS) * Authenticate client ** PA-ENC-TS (weak; AS) ** PKINIT (AS) ** SAM2 (AS) ** PA-ENCRYPTED-CHALLENGE (A...)
(No difference)

Revision as of 19:46, 24 June 2013

  • Authenticate request content
    • PKINIT (AS)
    • PA-TGS-REQ (TGS)
    • FAST (AS or TGS)
  • Authenticate client
    • PA-ENC-TS (weak; AS)
    • PKINIT (AS)
    • SAM2 (AS)
    • PA-ENCRYPTED-CHALLENGE (AS)
    • PA-TGS-REQ (TGS)
    • S4U2Self (TGS)
    • S4U2Proxy (TGS)
  • Determine service principal
    • Hostname alias
    • Cross-realm service principal referral
    • Cross-realm TGS referral
    • User-to-user
  • Issue ticket
  • Encrypt reply
    • FAST (AS or TGS)
    • Long-term key (AS)
    • Session key (TGS)