Windows 2000 was one of the first OSs to use Kerberos for
authentication and authorization.
Kerberos is named after a three-headed dog in Greek mythology. There are three heads in the Kerberos
security model: the Key Distribution Center (KDC), the Authentication Service
(AS), and the Ticket Granting Service (TGS).
I found a fairly technical primer for Kerberos in Microsoft’s TechNet
archive. When a client first makes a
request for resources, three things happen:
- There is an exchange with the AS.
- There is an exchange with the TGS.
- There is an exchange between the client and server.
Kerberos is used for both local and external sources.
The Authentication Service and Ticket Granting Service are therefore run
separately, so that if you are on another domain, you use the TGS in that domain
with the TGT (Ticket to get Ticket) from your domain.
You can see the whole article at http://technet.microsoft.com/en-us/library/bb742516.aspx
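The three exchanges listed above, sketched end to end as an added example (not code from this post or from the TechNet primer). The principals `alice` and `fileserver`, every key, and the `seal`/`unseal` toy cipher are constructed assumptions; timestamps, ticket lifetimes and replay protection are left out.

```python
import hashlib, hmac, json, os
def _stream(key, nonce, n):  # toy keystream: SHA-256 in counter mode
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def seal(key, obj):
    """Toy authenticated encryption standing in for Kerberos' real ciphers."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

pw_key = lambda pw: hashlib.sha256(pw.encode()).digest()  # stand-in for string-to-key
USER_KEYS = {"alice": pw_key("correct horse")}   # constructed user, known to the AS
TGS_KEY = os.urandom(32)                         # constructed key, known only to the KDC
SERVICE_KEYS = {"fileserver": os.urandom(32)}    # constructed service, shared with the KDC

def as_exchange(user):
    """AS: a session key sealed for the user, plus a TGT only the TGS can open."""
    sk = os.urandom(32).hex()
    return seal(USER_KEYS[user], {"sk": sk}), seal(TGS_KEY, {"user": user, "sk": sk})

def tgs_exchange(tgt, authenticator, service):
    """TGS: check TGT and authenticator, then issue a ticket for one service."""
    t = unseal(TGS_KEY, tgt)
    sk1, sk2 = bytes.fromhex(t["sk"]), os.urandom(32).hex()
    if unseal(sk1, authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match TGT")
    return seal(sk1, {"sk": sk2}), seal(SERVICE_KEYS[service], {"user": t["user"], "sk": sk2})

def server_accept(service, ticket, authenticator):
    """Client/server: the server trusts only what its own key opens."""
    t = unseal(SERVICE_KEYS[service], ticket)
    if unseal(bytes.fromhex(t["sk"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    return t["user"]

def login(user, password, service):
    """Client side of all three exchanges; the password is never sent."""
    reply, tgt = as_exchange(user)
    sk1 = bytes.fromhex(unseal(pw_key(password), reply)["sk"])
    reply, ticket = tgs_exchange(tgt, seal(sk1, {"user": user}), service)
    sk2 = bytes.fromhex(unseal(sk1, reply)["sk"])
    return server_accept(service, ticket, seal(sk2, {"user": user}))
```

The file server never sees the user's key or contacts the KDC: it accepts the client because the ticket opens under its own key and the authenticator opens under the session key inside that ticket.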