all, section 6.20.
6.20. Kerberos: Requesting a Service
Once per service and lifetime
assumption: client has server ticket
builds an authenticator containing the client's
name and IP address, and the current time
client then sends the authenticator along with
the ticket to the server
server decrypts the
ticket, uses the session key included in the ticket
to decrypt the authenticator
Note: It is assumed that clocks are synchronized
to within several minute.
Is this realistic?
Time allows to keep track
request received with the same ticket
and timestamp as one already received can be discarded
© by hpb. All Rights Reserved (2012).
It is not allowed to print these pages on a CAST printer.
Last modified: 22/February/12 (13:17)