Accessing a secure file server
Secure access to network services such as file servers is also handled using tickets in
Kerberos. A user accesses a secure file server on the network through the following
sequence of steps:
1. The client sends a copy of the TGT with a request to the KDC for a ticket to access
the file server.
2. Since the KDC has already authenticated the user, it can easily verify the user as a
valid user based on the TGT. The KDC builds a service ticket and encrypts it with
the file server's secret key and sends it to the user.
3. The user presents this ticket to the file server. Since the ticket is encrypted using
the file server's secret key, the file server is able to decrypt it, thus establishing the
trust that it was created by the KDC.
4. The user is granted access to the file server. Any time the user needs to access the
file server, the user needs to present the ticket that was generated by the KDC to
access the file server.
The KDC stores the shared secret keys of all the users and services on the network. This
makes it possible to authenticate the users and services without sending the password over
the wire.
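The four steps above, modelled as an added Python example (not code from the original text). The class and function names are hypothetical, `seal`/`unseal` are a toy encrypt-then-MAC stand-in for Kerberos encryption, and the TGT is assumed to be protected by a key only the KDC holds.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); not a real Kerberos cipher.
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret key."""
    nonce, plain = os.urandom(16), json.dumps(obj).encode()
    body = nonce + bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the object, or raise ValueError if it was not sealed with this key."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + body, hashlib.sha256).digest()):
        raise ValueError("ticket not sealed with this key")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self):
        self.own_key = os.urandom(32)                       # protects TGTs (assumption)
        self.service_keys = {"fileserver": os.urandom(32)}  # secret shared with each service
    def issue_tgt(self, user):                       # outcome of the earlier login
        return seal(self.own_key, {"user": user})

    def issue_service_ticket(self, tgt, service):    # steps 1 and 2
        user = unseal(self.own_key, tgt)["user"]     # KDC validates the TGT
        return seal(self.service_keys[service], {"user": user, "service": service})

class FileServer:
    def __init__(self, key):
        self.key = key                               # same secret the KDC stores
    def accept(self, ticket):                        # steps 3 and 4
        claims = unseal(self.key, ticket)            # only KDC-issued tickets decrypt
        if claims["service"] != "fileserver":
            raise ValueError("ticket issued for another service")
        return claims["user"]

def demo():
    kdc = KDC()
    server = FileServer(kdc.service_keys["fileserver"])
    ticket = kdc.issue_service_ticket(kdc.issue_tgt("alice"), "fileserver")
    return kdc, server, ticket
```

The user's password never appears in any message: the file server trusts the ticket only because it unseals under the key it shares with the KDC.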