Kerberos: Introduction, Example, Glossary, and References

This is a brief introduction to Kerberos.

An example

Kerberos is like getting food at a canteen: first you go to the cashier to buy a meal ticket, then you take the meal ticket to the right counter to collect your food.

The only difference is that in real life you pay money for the meal ticket, whereas in the Kerberos world the food is free: you only have to show your student card to prove who you are, and you get the meal ticket.


The protocol flow is shown in the figure:

[Figure: Kerberos protocol flow diagram (IMG_3158.JPG)]

RFC link: https://tools.ietf.org/html/rfc4120

The basic Kerberos authentication process proceeds as follows: A client sends a request to the authentication server (AS) for "credentials" for a given server.  The AS responds with these credentials, encrypted in the client's key.  The credentials consist of a "ticket" for the server and a temporary encryption key (often called a "session key").  The client transmits the ticket (which contains the client's identity and a copy of the session key, all encrypted in the server's key) to the server.  The session key (now shared by the client and server) is used to authenticate the client and may optionally be used to authenticate the server.  It may also be used to encrypt further communication between the two parties or to exchange a separate sub-session key to be used to encrypt further communication.  Note that many applications use Kerberos' functions only upon the initiation of a stream-based network connection. Unless an application performs encryption or integrity protection for the data stream, the identity verification applies only to the initiation of the connection, and it does not guarantee that subsequent messages on the connection originate from the same principal.


Implementation of the basic protocol consists of one or more authentication servers running on physically secure hosts.  The authentication servers maintain a database of principals (i.e., users and servers) and their secret keys.  Code libraries provide encryption and implement the Kerberos protocol.  In order to add authentication to its transactions, a typical network application adds calls to the Kerberos library directly or through the Generic Security Services Application Programming Interface (GSS-API) described in a separate document [RFC4121].  These calls result in the transmission of the messages necessary to achieve authentication. The Kerberos protocol consists of several sub-protocols (or exchanges).  There are two basic methods by which a client can ask a Kerberos server for credentials.  In the first approach, the client sends a cleartext request for a ticket for the desired server to the AS.  The reply is sent encrypted in the client's secret key.  Usually this request is for a ticket-granting ticket (TGT), which can later be used with the ticket-granting server (TGS).  In the second method, the client sends a request to the TGS.  The client uses the TGT to authenticate itself to the TGS in the same manner as if it were contacting any other application server that requires Kerberos authentication.  The reply is encrypted in the session key from the TGT.  Though the protocol specification describes the AS and the TGS as separate servers, in practice they are implemented as different protocol entry points within a single Kerberos server.


Once obtained, credentials may be used to verify the identity of the principals in a transaction, to ensure the integrity of messages exchanged between them, or to preserve privacy of the messages.  The application is free to choose whatever protection may be necessary.


To verify the identities of the principals in a transaction, the client transmits the ticket to the application server.  Because the ticket is sent "in the clear" (parts of it are encrypted, but this encryption doesn't thwart replay) and might be intercepted and reused by an attacker, additional information is sent to prove that the message originated with the principal to whom the ticket was issued. This information (called the authenticator) is encrypted in the session key and includes a timestamp.  The timestamp proves that the message was recently generated and is not a replay.  Encrypting the authenticator in the session key proves that it was generated by a party possessing the session key.  Since no one except the requesting principal and the server know the session key (it is never sent over the network in the clear), this guarantees the identity of the client.


The integrity of the messages exchanged between principals can also be guaranteed by using the session key (passed in the ticket and contained in the credentials).  This approach provides detection of both replay attacks and message stream modification attacks.  It is accomplished by generating and transmitting a collision-proof checksum (elsewhere called a hash or digest function) of the client's message, keyed with the session key.  Privacy and integrity of the messages exchanged between principals can be secured by encrypting the data to be passed by using the session key contained in the ticket or the sub-session key found in the authenticator.
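The AS exchange and the application (AP) exchange described above, simulated end to end as an added example that is not part of the original post or of RFC 4120. It assumes a toy authenticated-encryption scheme (SHA-256 keystream plus HMAC-SHA256 keyed checksum, standing in for real Kerberos enctypes), constructed principal names "alice" and "fileserver", and simplified messages with no realm, lifetime or address fields; the TGS step is left out because it repeats the AP pattern against the KDC.

```python
import hmac, hashlib, json, os

CLOCK_SKEW = 300  # seconds; the usual Kerberos default for accepted clock skew

# Toy authenticated encryption, an assumption for illustration only (real Kerberos uses
# enctypes such as aes256-cts-hmac-sha1-96): SHA-256 keystream + HMAC-SHA256 tag.
def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def seal(key: bytes, obj: dict) -> bytes:
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")  # keyed checksum failed
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# AS exchange: ticket (under the server's key) + session key, all under the client's key.
def as_exchange(kdc_db, client, server):
    sk = os.urandom(32).hex()
    ticket = seal(kdc_db[server], {"client": client, "session_key": sk})
    return seal(kdc_db[client], {"ticket": ticket.hex(), "session_key": sk})

# Client side of the AP exchange: open the credentials, build ticket + authenticator.
def client_ap_req(creds_blob, client_key, client, now):
    creds = unseal(client_key, creds_blob)
    auth = seal(bytes.fromhex(creds["session_key"]), {"client": client, "timestamp": now})
    return bytes.fromhex(creds["ticket"]), auth

# Server side: open the ticket with its own key, the authenticator with the session key,
# then enforce the timestamp window and a replay cache before accepting the client.
def server_ap_exchange(server_key, replay_cache, ticket, authenticator, now):
    t = unseal(server_key, ticket)
    a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    if a["client"] != t["client"]:
        return "REJECT: authenticator/ticket name mismatch"
    if abs(now - a["timestamp"]) > CLOCK_SKEW:
        return "REJECT: timestamp outside clock skew"
    if (a["client"], a["timestamp"]) in replay_cache:
        return "REJECT: replayed authenticator"
    replay_cache.add((a["client"], a["timestamp"]))
    return "OK " + t["client"]
```

Running the same ticket and authenticator through `server_ap_exchange` twice shows the replay cache rejecting the second copy, and an authenticator with an old timestamp is rejected by the skew check even though its checksum is valid.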

Glossary

  • Client: the student who wants to eat.

  • Server: the canteen worker who serves the food.

  • Authentication Server (AS) / KDC: the cashier who sells the meal tickets.

  • Principal: one party in the network communication, such as a Client or a Server, identified by a unique name.

  • Credentials: the information the AS returns to the Client, consisting of two parts: a Ticket and a SessionKey. They are encrypted with the Client's key, so only the Client can read them.

  • Ticket: consists of two parts: the Client's identity and the SessionKey. It is encrypted with the Server's key, so only the Server can read it.

  • TGT: if the Server in question is itself an authentication server, the Kerberos Credentials are called a TGT. In that case the whole process uses Kerberos to obtain a logged-in state from that Server without presenting a username and password. That Server is called the TGS.



References:

English:

https://tools.ietf.org/html/rfc4120

https://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/Introduction.html

Chinese:

http://www.cnblogs.com/idior/archive/2006/03/20/354027.html
