all, section 6.20.
6.20. Kerberos: Requesting a Service
-
Once per service and lifetime
-
assumption: client has server ticket
-
application
builds an authenticator containing the client's
name and IP address, and the current time
-
client then sends the authenticator along with
the ticket to the server
-
server decrypts the
ticket, uses the session key included in the ticket
to decrypt the authenticator
-
Note: It is assumed that clocks are synchronized
to within several minute.
-
- --
-
Is this realistic?
- --
-
Time allows to keep track
-
request received with the same ticket
and timestamp as one already received can be discarded
Kerberos Authenticator
![[equation]](all-26.gif)
Created by
unroff,
java2html &
& hp-tools.
© by hpb. All Rights Reserved (2012).
It is not allowed to print these pages on a CAST printer.
Last modified: 22/February/12 (13:17)
