Designing an Authentication System
Kerberos; man’s best three-headed friend?
What is Kerberos?
• Kerberos is a network authentication protocol.
• It’s also the name of the three-headed dog in Greek mythology.
• Yes, it really is spelt with a ‘K’.
• Questions? No? Good.
Background
Early 1980s:
• Timesharing via dumb terminals
• Central processing and storage
• Crap for games
Solution?
• Replace terminals with workstations
• Network all the machines
• Use servers for storage and services
Eek! Security!
Problem:
• How does the server know who you are?
• Authentication by assertion?
Solution:
• Add username & password verification
Multi-password badness
Problem:
• Changing your password
• Password stored in multiple locations
• Just remembering the damn thing
Sounds like we need a network authentication protocol :-)
No, it’s not ‘Sharon’
Here’s where it starts to get clever:
• Users have passwords
• Services have passwords
• There’s an auth service that knows all passwords.
• We’ll call it charon
Charon: first draft
• Alice wants her mail.
• She asks charon for a ticket.
• Charon encrypts her username as ticket.
• Alice hands ticket to mail service.
Username squiggle?
The ticket currently contains:
Problem:
• How does the service know if it’s decrypted the ticket properly?
Solution:
• Fix the ticket
Stop, thief!
Problem:
• What’s to stop someone stealing your ticket?
Solution:
• Add another field to the ticket
But I already typed it in…!
Problem:
• We have to enter our password once per service
Solution:
• We add a ticket-granting service, we’ll call it bob.
Bob? Eh?
Here’s how it works:
• You request a ticket from charon for bob.
• You can now repeat steps 2&3 for as many services as you like.
• This ticket is called the ticket-granting ticket. Catchy eh?
I saw that!
Problem:
• The password is still being sent in plain text. Eek.
Solution:
• Tweak more stuff.
Thievery, again
Problem:
• Someone can steal your ticket, and fake your username and address after you’ve fled home.
Solution:
• Add an expiry time to the ticket.
T’was nae me, officer
Problem:
• Someone could use your ticket before it expires.
Well, let’s look at what’s happening.
It honestly wasn’t
Solution:
• Add a session key.
• Charon creates a random password for the session and adds it to the reply.
So, um, how’s this work?
Like this:
• Alice sends 2 things to the mail service:
– The service ticket
– Her username and address, encrypted with the session key (a.k.a., the authenticator)
And that’s pretty much it, folks.
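The design as it stands at this point, walked through end to end in code. This is an added example, not code from these slides, from Bill Bryant’s dialogue or from any real Kerberos implementation: charon, bob, the mail service and the password table are the slides’ names filled with constructed sample values, the addresses and lifetime are made up, and the cipher is a deliberately toy SHA-256 keystream with no integrity tag, chosen so that the only way a service can tell a wrong-key decrypt from a real ticket is the service-name field (the “fix the ticket” step above). Each later slide’s fix (address in the ticket, expiry, session key plus authenticator, reply sealed under the user’s password key so the password never crosses the wire) appears as one field or one check.

```python
import hashlib
import json
import os
import time

TICKET_LIFETIME = 8 * 3600  # seconds (constructed value)
# charon's password table: constructed sample data, every name is an assumption
PASSWORDS = {"alice": "hunter2", "bob": "tgs-secret", "mail": "mail-secret"}


def key_from_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # toy string-to-key


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Toy cipher (constructed): SHA-256 keystream XOR, no integrity tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))


def decrypt(key: bytes, blob: bytes):
    nonce, ct = blob[:16], blob[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    try:
        return json.loads(pt.decode())
    except (UnicodeDecodeError, ValueError):
        return None  # wrong key: garbage, not a recognisable ticket


def issue(issuer_key: bytes, user: str, address: str, service: str, now: float) -> bytes:
    """Ticket + session key for `user` to use with `service`, sealed under `issuer_key`.
    charon seals with the user's password key; bob seals with the TGT session key."""
    session_key = os.urandom(32).hex()
    ticket = {
        "service": service,                 # "Fix the ticket": detects a bad decrypt
        "user": user,
        "address": address,                 # "Stop, thief!": ticket bound to an address
        "expires": now + TICKET_LIFETIME,   # "Thievery, again": expiry time
        "session_key": session_key,         # "T'was nae me": known only to the real user
    }
    sealed = encrypt(key_from_password(PASSWORDS[service]), ticket).hex()
    return encrypt(issuer_key, {"session_key": session_key, "ticket": sealed})


def authenticator(session_key_hex: str, user: str, address: str, now: float) -> bytes:
    return encrypt(bytes.fromhex(session_key_hex),
                   {"user": user, "address": address, "time": now})


def verify(service: str, ticket_hex: str, auth_blob: bytes, peer_address: str, now: float):
    """The checks a service (bob or mail) runs on an incoming ticket + authenticator."""
    ticket = decrypt(key_from_password(PASSWORDS[service]), bytes.fromhex(ticket_hex))
    if not isinstance(ticket, dict) or ticket.get("service") != service:
        return False, "ticket was not issued for this service"
    if now > ticket["expires"]:
        return False, "ticket expired"
    auth = decrypt(bytes.fromhex(ticket["session_key"]), auth_blob)
    if (not isinstance(auth, dict) or auth["user"] != ticket["user"]
            or auth["address"] != ticket["address"]):
        return False, "authenticator does not match ticket"
    if peer_address != ticket["address"]:
        return False, "ticket presented from a different address"
    return True, ticket["user"]


def alice_reads_mail(password="hunter2", address="10.0.0.5", now=None):
    """Walk the three exchanges; returns what each side concluded (constructed client)."""
    now = time.time() if now is None else now
    user_key = key_from_password(password)  # derived locally, never sent
    # 1. charon -> Alice: TGT for bob, reply sealed under the password charon has for alice
    reply = issue(key_from_password(PASSWORDS["alice"]), "alice", address, "bob", now)
    tgt = decrypt(user_key, reply)
    if tgt is None:
        return {"bob": (False, "could not open charon's reply: wrong password")}
    # 2. Alice -> bob: TGT + authenticator; bob -> Alice: mail ticket under TGT session key
    tgs_auth = authenticator(tgt["session_key"], "alice", address, now)
    ok, who = verify("bob", tgt["ticket"], tgs_auth, address, now)
    if not ok:
        return {"bob": (ok, who)}
    tgs_key = bytes.fromhex(tgt["session_key"])
    svc = decrypt(tgs_key, issue(tgs_key, who, address, "mail", now))
    # 3. Alice -> mail: service ticket + a fresh authenticator under the new session key
    auth = authenticator(svc["session_key"], "alice", address, now)
    return {"bob": (True, who), "mail": verify("mail", svc["ticket"], auth, address, now),
            "ticket": svc["ticket"], "authenticator": auth}
```

Calling `verify` again with the same ticket and authenticator from another address, after the expiry, or against the wrong service shows each field doing its job. What this model does not do is remember authenticators it has already seen, so a captured authenticator replayed quickly from the same address would still pass; that is the “replay” item in the notes to self, and real Kerberos answers it with a timestamp window plus a replay cache. The bare keystream cipher is also only for the illustration: a real implementation authenticates its ciphertext rather than relying on a field decrypting to something sensible.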
My thanks to Bill Bryant
This Man Needs Sleep
Notes to self: replay, bones, lanman, agnosticism, forwarding, mutual auth