The Kerberos protocol and its implementations

Document version: 1.0.3 (26 November 2006)
Author: Fulvio Ricciardi (Fulvio.Ricciardi@le.infn.it)
INFN – the National Institute of Nuclear Physics
Computing and Network Services – LECCE (Italy)
Note: Newer versions of this document will be available at the URL http://www.kerberos.org/software/tutorial.html, maintained by the MIT Kerberos Consortium of the Massachusetts Institute of Technology.

1 Kerberos Protocol

   1.1  Introduction
   1.2  Aims
   1.3  Definition of components and terms
      1.3.1  Realm
      1.3.2  Principal
      1.3.3  Ticket
      1.3.4  Encryption
            1.3.4.1  Encryption type
            1.3.4.2  Encryption key
            1.3.4.3  Salt
            1.3.4.4  Key Version Number (kvno)
      1.3.5  Key Distribution Center (KDC)
            1.3.5.1  Database
            1.3.5.2  Authentication Server (AS)
            1.3.5.3  Ticket Granting Server (TGS)
      1.3.6  Session Key
      1.3.7  Authenticator
      1.3.8  Replay Cache
      1.3.9  Credential Cache
   1.4  Kerberos Operation
      1.4.1  Authentication Server Request (AS_REQ)
      1.4.2  Authentication Server Reply (AS_REP)
      1.4.3  Ticket Granting Server Request (TGS_REQ)
      1.4.4  Ticket Granting Server Reply (TGS_REP)
      1.4.5  Application Server Request (AP_REQ)
      1.4.6  Application Server Reply (AP_REP)
      1.4.7  Pre-Authentication
   1.5  Tickets in-depth
      1.5.1  Initial tickets
      1.5.2  Renewable tickets
      1.5.3  Forwardable tickets
   1.6  Cross Authentication
      1.6.1  Direct trust relationships
      1.6.2  Transitive trust relationships
      1.6.3  Hierarchical trust relationships