An analogy commonly used for Kerberos is a state driver’s
license: the state is the KDC, and the license is the TGT it issues. The
license contains information that can authenticate the user: the picture and
description items. It also includes the permissions (such as a motorcycle
endorsement) and restrictions (such as glasses required) associated with the
license. Like a TGT, the license has an expiration time after which it’s
no longer valid.
Some states include an authentication code made up of portions of
the key data supplied, such as name and birth date. Any crude attempt to alter
part of the key data makes the authentication code no longer match.
To complete the analogy, a third party accepts the license (the TGT)
and, after confirming the picture and description, trusts that the state did a
reasonable job of confirming the identity before issuing the license, and
thereby accepts it as proof of identity, age, or the right to drive.
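
The analogy can be modelled in a few lines of Python. This is an added example, not code from the original text and not the Kerberos ticket format: the field names, the shared demo key and the use of HMAC-SHA256 as the "authentication code" are assumptions made for illustration. The code here covers every field rather than only portions of the key data.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): shared by the issuer and the verifier.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"


def auth_code(fields):
    """HMAC-SHA256 over a canonical encoding of every license field."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hmac.new(ISSUER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def issue_license(name, birth_date, endorsements, restrictions, expires_at):
    """The 'state': bind identity, permissions, restrictions and expiry."""
    fields = {
        "name": name,
        "birth_date": birth_date,
        "endorsements": sorted(endorsements),
        "restrictions": sorted(restrictions),
        "expires_at": expires_at,  # seconds since the epoch
    }
    return {"fields": fields, "auth_code": auth_code(fields)}


def verify_license(lic, now):
    """The 'third party': return (accepted, reason)."""
    fields, code = lic.get("fields"), lic.get("auth_code")
    if not isinstance(fields, dict) or not isinstance(code, str):
        return False, "malformed"
    # Check integrity first, so no altered field (expiry included) is trusted.
    if not hmac.compare_digest(auth_code(fields).encode(), code.encode()):
        return False, "authentication code mismatch"
    if now >= fields["expires_at"]:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample license and timestamps.
    lic = issue_license("Pat Example", "1990-01-01", ["motorcycle"],
                        ["glasses required"], expires_at=2000)
    print(verify_license(lic, now=1000))
    altered = {"fields": dict(lic["fields"], birth_date="1980-01-01"),
               "auth_code": lic["auth_code"]}
    print(verify_license(altered, now=1000))
    print(verify_license(lic, now=2000))
```

The verifier never contacts the issuer: it trusts the license because only the holder of the issuing key could have produced a matching code, which is the trust relationship the analogy describes.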
For more information, go to http://www.cisco.com on the Web and
perform a search for Kerberos. If you’ll be working in a Kerberos environment,
add a search for Configuring Kerberos to get assistance on using the Kerberos
commands. No CCO account is needed for much of the information.