Kerberos is a network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.
1 vote, 0 answers, 29 views
krb5 and pam_mount
I successfully installed and configured krb5 on a Red Hat 6.4 server, and now I can authenticate against an Active Directory with Kerberos.
pam_mount is installed and configured, but it only mounts a ...
2 votes, 1 answer, 38 views
Kerberos for sending secrets
I understand that Kerberos is used as an authentication protocol. However, would it be possible to achieve a similar effect as Diffie-Hellman with Kerberos i.e. establish a session key which can be ...
6 votes, 2 answers, 103 views
Implications of having a service account in AD use RC4 rather than AES for Kerberos?
Bear with me, I know this is sloppy, but here is the back story:
We have a partner that uses Jira and is using SPNEGO with a custom auth back-end that expects certain group membership in the token. ...
2 votes, 1 answer, 73 views
Kerberos realm understanding
Could someone summarise why realms are necessary in Kerberos and the advantages of the concept.
I'm struggling to isolate everything I know / beginning to understand into some well defined points for ...
1 vote, 1 answer, 133 views
Public web server and AD-based Kerberos authentication
I want to use the SPNEGO/Kerberos protocol on a public internet web server for specific remote IP addresses coming from the corporate intranet. Other authentication methods are used for other addresses ...
1 vote, 1 answer, 101 views
Kerberos ticket lifetime
I was just reading up on Kerberos and realized that the lifetime of a master ticket called the TGT (ticket-granting ticket) is 25 hours. Is there any particular reason behind this choice of lifetime?
3 votes, 1 answer, 76 views
Do public keys make Kerberos more secure (RFC4556)?
We're using IPA to centralize our authentication and I found an option to add a public key for each user. After doing a little research I found this to be an extension to Kerberos 5, RFC4556.
From my ...
1 vote, 0 answers, 63 views
Distinct databases with the same Kerberos Authentication server
Should two deployed applications within a private network requiring distinct databases (for storing their own users credentials) require distinct Authentication servers (implementing Kerberos)?
Or is ...
3 votes, 1 answer, 340 views
Does the Kerberos KDC know the users' plaintext passwords?
In http://www.freebsd.org/doc/handbook/kerberos5.html section 15.7.8.3 “The KDC is a Single Point of Failure” you can read:
By design, the KDC must be as secure as the master password database is ...
2 votes, 1 answer, 192 views
Secret key compromise in SSL vs. in Kerberos
Consider the consequences of compromise of a secret key in the Kerberos system vs. in SSL. For example, suppose your individual shared secret key (for your user account) becomes compromised (i.e. it ...
1 vote, 1 answer, 116 views
Teaching security concepts
I think it would be nice to teach security concepts by giving practical examples. I am looking for some practical cases for X.509 certificates, Kerberos and SET.
How could I know an e-commerce site ...
4 votes, 1 answer, 666 views
Kerberos - what can an attacker achieve from a replay attack?
On the last step of Kerberos, the client sends the target server a ticket and an authenticator. One of the authenticator's parts is a timestamp. The timestamp is said to prevent replay attacks, as the ...
4 votes, 1 answer, 93 views
Are the SSL Digital Security Certificates based on the Kerberos Network Security Protocol?
I just want to know if digital certificates use the Kerberos session key algorithm.
2 votes, 1 answer, 185 views
How do we encrypt a password using another password?
Hey all, I've got a noob question. I was wondering:
What does it mean to encrypt a password using another password?
For example I want to encrypt a password foo using a password bar, does it mean that ...