kerberos 协议初探

最新推荐文章于 2023-11-29 19:34:53 发布
最新推荐文章于 2023-11-29 19:34:53 发布
阅读量124 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/skaljdakdjw/article/details/111878542
版权

kerberos原理#
一个客户端要访问某个服务时,先要到KDC去认证自己,并获得访问票据TGT
然后客户端再拿着这个访问票据到自己真实想要访问的服务去获得访问授权,
然后真实的进行访问

在kerberos中,KDC有两部分组成:

Authentication Server,用来认证用户,即验证用户存在,且密码正确
Ticket-Granting Service,用来给客户端生成,可以访问客户端想要访问的那个服务的票据TGT
三个请求步骤#
整体来看,kerberos分为三个请求来回,假设一个client要访问服务server

client到Authentication Server认证,并获得跟Ticket-Granting Service通信的加密key,Client/TGS SessionKey和能访问Client/TGS SessionKey的票据
client使用Client/TGS SessionKey跟Ticket-Granting Service进行安全通信,获得能访问server票据
client在拿到第二步的票据去访问服务server

双向验证#
kerberos是双向验证的。实现双向验证的原理:
其上三步通信中,每一步的请求和返回都包含两个数据。一份是发送方想要获取认证的请求,一份是发送方希望接收方认证自己的请求数据。

基础术语#
Principals#
在kerberos网络中,认证双方的指代,可以服务,也可以是个人
Principals是唯一的,KDC是基于Principals来判定它有没有访问某个服务的权限

一个Principals的基本构造为:
primary/instance@realm

其中:

primary是具体的用户名或服务名,比如用户名:jdoe, 服务名:nfs
instance 是该用户或服务具体的角色/机器定位,比如jdoe/admin, ftp/bigmachine.corp.example.com,后者表示ftp这个服务在bigmachine.corp.example.com这host机器上。特别地,如果primary是一个服务,那么其instance必填。而如果primary是用户,则instance不必填
realm 一个逻辑领域,指代kerberos网络的范围,通常是大写域名,比如CORP.EXAMPLE.COM
以下是一些合法的principal定义

Copy
jdoe

jdoe/admin

jdoe/admin@CORP.EXAMPLE.COM

nfs/host.corp.example.com@CORP.EXAMPLE.COM

host/corp.example.com@CORP.EXAMPLE.COM
Realms#
Realms 是kerberos整个网络的逻辑定义,相当于一个域,所以通常也用域名来定义。Realm可以集成,也可以没有集成但又有相应的关系

KDC#
存储有所有Principals的账号信息,用于认证用户,并分发Principal A访问Principal B的票据
KDC本身可以做主从,从而实现高可用

keytab#
一个存储了Principal信息的文件,其中包含用户名跟加密key(相当于密码)。其目的是,可以通过kinit命令,以脚本的方式去KDC认证,并缓存票据TGT。这样做能够使得一些系统之间的授权成为可能,也使得无人工参与的脚本自动化认证成为可能。因为普通的登录认证,需要用户交互,去输入用户名密码。

一个典型的kinit命令如下:https://github.com/91sipp68/rfrepzlnrj/discussions/168
https://github.com/l32nyw20/twggpilioq/discussions/158
https://github.com/91sipp68/rfrepzlnrj/discussions/169
https://github.com/l32nyw20/twggpilioq/discussions/159
https://github.com/91sipp68/rfrepzlnrj/discussions/170
https://github.com/l32nyw20/twggpilioq/discussions/160
https://github.com/91sipp68/rfrepzlnrj/discussions/171
https://github.com/91sipp68/rfrepzlnrj/discussions/172
https://github.com/l32nyw20/twggpilioq/discussions/161
https://github.com/l32nyw20/twggpilioq/discussions/162
https://github.com/91sipp68/rfrepzlnrj/discussions/173
https://github.com/l32nyw20/twggpilioq/discussions/163
https://github.com/l32nyw20/twggpilioq/discussions/164
https://github.com/91sipp68/rfrepzlnrj/discussions/174
https://github.com/l32nyw20/twggpilioq/discussions/165
https://github.com/91sipp68/rfrepzlnrj/discussions/175
https://github.com/l32nyw20/twggpilioq/discussions/166
https://github.com/91sipp68/rfrepzlnrj/discussions/176
https://github.com/l32nyw20/twggpilioq/discussions/167
https://github.com/91sipp68/rfrepzlnrj/discussions/177
https://github.com/l32nyw20/twggpilioq/discussions/168
https://github.com/91sipp68/rfrepzlnrj/discussions/178
https://github.com/l32nyw20/twggpilioq/discussions/169
https://github.com/91sipp68/rfrepzlnrj/discussions/179
https://github.com/l32nyw20/twggpilioq/discussions/170
https://github.com/91sipp68/rfrepzlnrj/discussions/180
https://github.com/l32nyw20/twggpilioq/discussions/171
https://github.com/91sipp68/rfrepzlnrj/discussions/181
https://github.com/l32nyw20/twggpilioq/discussions/172
https://github.com/91sipp68/rfrepzlnrj/discussions/182
https://github.com/l32nyw20/twggpilioq/discussions/173
https://github.com/91sipp68/rfrepzlnrj/discussions/183
https://github.com/l32nyw20/twggpilioq/discussions/174
https://github.com/91sipp68/rfrepzlnrj/discussions/184
https://github.com/l32nyw20/twggpilioq/discussions/175
https://github.com/l32nyw20/twggpilioq/discussions/176
https://github.com/91sipp68/rfrepzlnrj/discussions/185
https://github.com/l32nyw20/twggpilioq/discussions/177
https://github.com/91sipp68/rfrepzlnrj/discussions/186
https://github.com/l32nyw20/twggpilioq/discussions/178
https://github.com/91sipp68/rfrepzlnrj/discussions/187
https://github.com/l32nyw20/twggpilioq/discussions/179
https://github.com/91sipp68/rfrepzlnrj/discussions/188
https://github.com/l32nyw20/twggpilioq/discussions/180
https://github.com/91sipp68/rfrepzlnrj/discussions/189
https://github.com/91sipp68/rfrepzlnrj/discussions/190
https://github.com/91sipp68/rfrepzlnrj/discussions/191
https://github.com/l32nyw20/twggpilioq/discussions/181
https://github.com/91sipp68/rfrepzlnrj/discussions/192
https://github.com/91sipp68/rfrepzlnrj/discussions/193
https://github.com/l32nyw20/twggpilioq/discussions/182
https://github.com/91sipp68/rfrepzlnrj/discussions/194
https://github.com/l32nyw20/twggpilioq/discussions/183
https://github.com/l32nyw20/twggpilioq/discussions/184
https://github.com/91sipp68/rfrepzlnrj/discussions/195
https://github.com/l32nyw20/twggpilioq/discussions/185
https://github.com/91sipp68/rfrepzlnrj/discussions/196
https://github.com/l32nyw20/twggpilioq/discussions/186
https://github.com/91sipp68/rfrepzlnrj/discussions/197
https://github.com/l32nyw20/twggpilioq/discussions/187
https://github.com/91sipp68/rfrepzlnrj/discussions/198
https://github.com/l32nyw20/twggpilioq/discussions/188
https://github.com/91sipp68/rfrepzlnrj/discussions/199
https://github.com/l32nyw20/twggpilioq/discussions/189
https://github.com/l32nyw20/twggpilioq/discussions/190
https://github.com/91sipp68/rfrepzlnrj/discussions/200
https://github.com/91sipp68/rfrepzlnrj/discussions/201
https://github.com/l32nyw20/twggpilioq/discussions/191
https://github.com/l32nyw20/twggpilioq/discussions/192
https://github.com/91sipp68/rfrepzlnrj/discussions/202
https://github.com/l32nyw20/twggpilioq/discussions/193
https://github.com/91sipp68/rfrepzlnrj/discussions/203
https://github.com/l32nyw20/twggpilioq/discussions/194
https://github.com/91sipp68/rfrepzlnrj/discussions/204
https://github.com/l32nyw20/twggpilioq/discussions/195
https://github.com/91sipp68/rfrepzlnrj/discussions/205
https://github.com/l32nyw20/twggpilioq/discussions/196
https://github.com/l32nyw20/twggpilioq/discussions/197
https://github.com/91sipp68/rfrepzlnrj/discussions/206
https://github.com/91sipp68/rfrepzlnrj/discussions/207
https://github.com/l32nyw20/twggpilioq/discussions/198
https://github.com/91sipp68/rfrepzlnrj/discussions/208
https://github.com/91sipp68/rfrepzlnrj/discussions/209
https://github.com/l32nyw20/twggpilioq/discussions/199
https://github.com/91sipp68/rfrepzlnrj/discussions/210
https://github.com/l32nyw20/twggpilioq/discussions/200
https://github.com/91sipp68/rfrepzlnrj/discussions/211
https://github.com/l32nyw20/twggpilioq/discussions/201
https://github.com/91sipp68/rfrepzlnrj/discussions/212
https://github.com/91sipp68/rfrepzlnrj/discussions/213
https://github.com/l32nyw20/twggpilioq/discussions/202
https://github.com/91sipp68/rfrepzlnrj/discussions/214
https://github.com/l32nyw20/twggpilioq/discussions/203
https://github.com/91sipp68/rfrepzlnrj/discussions/215
https://github.com/l32nyw20/twggpilioq/discussions/204
https://github.com/91sipp68/rfrepzlnrj/discussions/216
https://github.com/l32nyw20/twggpilioq/discussions/205
https://github.com/91sipp68/rfrepzlnrj/discussions/217
https://github.com/l32nyw20/twggpilioq/discussions/206
https://github.com/91sipp68/rfrepzlnrj/discussions/218
https://github.com/l32nyw20/twggpilioq/discussions/207
https://github.com/91sipp68/rfrepzlnrj/discussions/219
https://github.com/l32nyw20/twggpilioq/discussions/208
https://github.com/91sipp68/rfrepzlnrj/discussions/220
https://github.com/91sipp68/rfrepzlnrj/discussions/221
https://github.com/l32nyw20/twggpilioq/discussions/209
https://github.com/91sipp68/rfrepzlnrj/discussions/222
https://github.com/l32nyw20/twggpilioq/discussions/210
https://github.com/91sipp68/rfrepzlnrj/discussions/223
https://github.com/l32nyw20/twggpilioq/discussions/211
https://github.com/91sipp68/rfrepzlnrj/discussions/224
https://github.com/l32nyw20/twggpilioq/discussions/212
https://github.com/91sipp68/rfrepzlnrj/discussions/225
https://github.com/l32nyw20/twggpilioq/discussions/213
https://github.com/91sipp68/rfrepzlnrj/discussions/226
https://github.com/l32nyw20/twggpilioq/discussions/214
https://github.com/91sipp68/rfrepzlnrj/discussions/227
https://github.com/l32nyw20/twggpilioq/discussions/215
https://github.com/91sipp68/rfrepzlnrj/discussions/228
https://github.com/l32nyw20/twggpilioq/discussions/216
https://github.com/91sipp68/rfrepzlnrj/discussions/229
https://github.com/l32nyw20/twggpilioq/discussions/217
https://github.com/91sipp68/rfrepzlnrj/discussions/230
https://github.com/l32nyw20/twggpilioq/discussions/218
https://github.com/91sipp68/rfrepzlnrj/discussions/231
https://github.com/l32nyw20/twggpilioq/discussions/219
https://github.com/91sipp68/rfrepzlnrj/discussions/232
https://github.com/l32nyw20/twggpilioq/discussions/220
https://github.com/91sipp68/rfrepzlnrj/discussions/233
https://github.com/l32nyw20/twggpilioq/discussions/221
https://github.com/91sipp68/rfrepzlnrj/discussions/234
https://github.com/l32nyw20/twggpilioq/discussions/222
https://github.com/91sipp68/rfrepzlnrj/discussions/235
https://github.com/l32nyw20/twggpilioq/discussions/223
https://github.com/l32nyw20/twggpilioq/discussions/224
https://github.com/91sipp68/rfrepzlnrj/discussions/236
https://github.com/l32nyw20/twggpilioq/discussions/225
https://github.com/91sipp68/rfrepzlnrj/discussions/237
https://github.com/l32nyw20/twggpilioq/discussions/226
https://github.com/91sipp68/rfrepzlnrj/discussions/238
https://github.com/l32nyw20/twggpilioq/discussions/227
https://github.com/91sipp68/rfrepzlnrj/discussions/239
https://github.com/l32nyw20/twggpilioq/discussions/228
https://github.com/91sipp68/rfrepzlnrj/discussions/240
https://github.com/l32nyw20/twggpilioq/discussions/229
https://github.com/l32nyw20/twggpilioq/discussions/230
https://github.com/91sipp68/rfrepzlnrj/discussions/241
https://github.com/l32nyw20/twggpilioq/discussions/231
https://github.com/91sipp68/rfrepzlnrj/discussions/242
https://github.com/l32nyw20/twggpilioq/discussions/232
https://github.com/91sipp68/rfrepzlnrj/discussions/243
https://github.com/l32nyw20/twggpilioq/discussions/233
https://github.com/l32nyw20/twggpilioq/discussions/234
https://github.com/l32nyw20/twggpilioq/discussions/235
https://github.com/91sipp68/rfrepzlnrj/discussions/244
https://github.com/l32nyw20/twggpilioq/discussions/236
https://github.com/91sipp68/rfrepzlnrj/discussions/245
https://github.com/l32nyw20/twggpilioq/discussions/237
https://github.com/91sipp68/rfrepzlnrj/discussions/246
https://github.com/l32nyw20/twggpilioq/discussions/238
https://github.com/91sipp68/rfrepzlnrj/discussions/247
https://github.com/l32nyw20/twggpilioq/discussions/239
https://github.com/91sipp68/rfrepzlnrj/discussions/248
https://github.com/l32nyw20/twggpilioq/discussions/240
https://github.com/91sipp68/rfrepzlnrj/discussions/249
https://github.com/l32nyw20/twggpilioq/discussions/241
https://github.com/91sipp68/rfrepzlnrj/discussions/250
https://github.com/l32nyw20/twggpilioq/discussions/242
https://github.com/91sipp68/rfrepzlnrj/discussions/251
https://github.com/l32nyw20/twggpilioq/discussions/243
https://github.com/91sipp68/rfrepzlnrj/discussions/252
https://github.com/l32nyw20/twggpilioq/discussions/244
https://github.com/l32nyw20/twggpilioq/discussions/245
https://github.com/91sipp68/rfrepzlnrj/discussions/253
https://github.com/l32nyw20/twggpilioq/discussions/246
https://github.com/91sipp68/rfrepzlnrj/discussions/254
https://github.com/l32nyw20/twggpilioq/discussions/247
https://github.com/91sipp68/rfrepzlnrj/discussions/255
https://github.com/l32nyw20/twggpilioq/discussions/248
https://github.com/91sipp68/rfrepzlnrj/discussions/256
https://github.com/l32nyw20/twggpilioq/discussions/249
https://github.com/91sipp68/rfrepzlnrj/discussions/257
https://github.com/l32nyw20/twggpilioq/discussions/250
https://github.com/91sipp68/rfrepzlnrj/discussions/258
https://github.com/91sipp68/rfrepzlnrj/discussions/259
https://github.com/l32nyw20/twggpilioq/discussions/251
https://github.com/91sipp68/rfrepzlnrj/discussions/260
https://github.com/l32nyw20/twggpilioq/discussions/252
https://github.com/91sipp68/rfrepzlnrj/discussions/261
https://github.com/l32nyw20/twggpilioq/discussions/253
https://github.com/91sipp68/rfrepzlnrj/discussions/262
https://github.com/l32nyw20/twggpilioq/discussions/254
https://github.com/91sipp68/rfrepzlnrj/discussions/263
https://github.com/l32nyw20/twggpilioq/discussions/255
https://github.com/91sipp68/rfrepzlnrj/discussions/264
https://github.com/l32nyw20/twggpilioq/discussions/256
https://github.com/91sipp68/rfrepzlnrj/discussions/265
https://github.com/l32nyw20/twggpilioq/discussions/257
https://github.com/91sipp68/rfrepzlnrj/discussions/266
https://github.com/l32nyw20/twggpilioq/discussions/258
https://github.com/91sipp68/rfrepzlnrj/discussions/267
https://github.com/l32nyw20/twggpilioq/discussions/259
https://github.com/91sipp68/rfrepzlnrj/discussions/268
https://github.com/l32nyw20/twggpilioq/discussions/260
https://github.com/91sipp68/rfrepzlnrj/discussions/269
https://github.com/l32nyw20/twggpilioq/discussions/261
https://github.com/91sipp68/rfrepzlnrj/discussions/270
https://github.com/l32nyw20/twggpilioq/discussions/262
https://github.com/91sipp68/rfrepzlnrj/discussions/271
https://github.com/l32nyw20/twggpilioq/discussions/263
https://github.com/l32nyw20/twggpilioq/discussions/264
https://github.com/91sipp68/rfrepzlnrj/discussions/272
https://github.com/91sipp68/rfrepzlnrj/discussions/273
https://github.com/l32nyw20/twggpilioq/discussions/265
https://github.com/l32nyw20/twggpilioq/discussions/266
https://github.com/91sipp68/rfrepzlnrj/discussions/274
https://github.com/l32nyw20/twggpilioq/discussions/267
https://github.com/91sipp68/rfrepzlnrj/discussions/275
https://github.com/l32nyw20/twggpilioq/discussions/268
https://github.com/91sipp68/rfrepzlnrj/discussions/276
https://github.com/l32nyw20/twggpilioq/discussions/269
https://github.com/91sipp68/rfrepzlnrj/discussions/277
https://github.com/l32nyw20/twggpilioq/discussions/270
https://github.com/91sipp68/rfrepzlnrj/discussions/278
https://github.com/l32nyw20/twggpilioq/discussions/271
https://github.com/91sipp68/rfrepzlnrj/discussions/279
https://github.com/l32nyw20/twggpilioq/discussions/272
https://github.com/91sipp68/rfrepzlnrj/discussions/280
https://github.com/l32nyw20/twggpilioq/discussions/273
https://github.com/91sipp68/rfrepzlnrj/discussions/281
https://github.com/l32nyw20/twggpilioq/discussions/274
https://github.com/91sipp68/rfrepzlnrj/discussions/282
https://github.com/l32nyw20/twggpilioq/discussions/275
https://github.com/91sipp68/rfrepzlnrj/discussions/283
https://github.com/l32nyw20/twggpilioq/discussions/276
https://github.com/91sipp68/rfrepzlnrj/discussions/284
https://github.com/l32nyw20/twggpilioq/discussions/277
https://github.com/91sipp68/rfrepzlnrj/discussions/285
https://github.com/l32nyw20/twggpilioq/discussions/278
https://github.com/91sipp68/rfrepzlnrj/discussions/286
https://github.com/l32nyw20/twggpilioq/discussions/279
https://github.com/l32nyw20/twggpilioq/discussions/280
https://github.com/91sipp68/rfrepzlnrj/discussions/287
https://github.com/l32nyw20/twggpilioq/discussions/281
https://github.com/91sipp68/rfrepzlnrj/discussions/288
https://github.com/l32nyw20/twggpilioq/discussions/282
https://github.com/91sipp68/rfrepzlnrj/discussions/289
https://github.com/l32nyw20/twggpilioq/discussions/283
https://github.com/91sipp68/rfrepzlnrj/discussions/290
https://github.com/l32nyw20/twggpilioq/discussions/284
https://github.com/91sipp68/rfrepzlnrj/discussions/291
https://github.com/l32nyw20/twggpilioq/discussions/285
https://github.com/91sipp68/rfrepzlnrj/discussions/292
https://github.com/91sipp68/rfrepzlnrj/discussions/293
https://github.com/l32nyw20/twggpilioq/discussions/286
https://github.com/l32nyw20/twggpilioq/discussions/287
https://github.com/91sipp68/rfrepzlnrj/discussions/294
https://github.com/91sipp68/rfrepzlnrj/discussions/295
https://github.com/l32nyw20/twggpilioq/discussions/288
https://github.com/l32nyw20/twggpilioq/discussions/289
https://github.com/91sipp68/rfrepzlnrj/discussions/296
https://github.com/l32nyw20/twggpilioq/discussions/290
https://github.com/91sipp68/rfrepzlnrj/discussions/297
https://github.com/91sipp68/rfrepzlnrj/discussions/298
https://github.com/91sipp68/rfrepzlnrj/discussions/299
https://github.com/l32nyw20/twggpilioq/discussions/291
https://github.com/91sipp68/rfrepzlnrj/discussions/300
https://github.com/l32nyw20/twggpilioq/discussions/292
https://github.com/91sipp68/rfrepzlnrj/discussions/301
https://github.com/l32nyw20/twggpilioq/discussions/293
https://github.com/91sipp68/rfrepzlnrj/discussions/302
https://github.com/l32nyw20/twggpilioq/discussions/294
https://github.com/91sipp68/rfrepzlnrj/discussions/303
https://github.com/l32nyw20/twggpilioq/discussions/295
https://github.com/91sipp68/rfrepzlnrj/discussions/304
https://github.com/l32nyw20/twggpilioq/discussions/296
https://github.com/91sipp68/rfrepzlnrj/discussions/305
https://github.com/l32nyw20/twggpilioq/discussions/297
https://github.com/91sipp68/rfrepzlnrj/discussions/306
https://github.com/l32nyw20/twggpilioq/discussions/298
https://github.com/91sipp68/rfrepzlnrj/discussions/307
https://github.com/l32nyw20/twggpilioq/discussions/299
https://github.com/91sipp68/rfrepzlnrj/discussions/308

Copy
kinit username@ADS.IU.EDU -k -t mykeytab; myscript
mykeytab是Keytab的文件名,由于其中可能有多个principal的账号信息,所以这里显示的基于username@ADS.IU.EDU这个用户id,显示的去找文件中的密码,完成认证。
认证完后,执行后续想要操作的myscript脚本。

当日Kinit命令本身也可以不使用Keytab文件,而直接用户交互的方式,去输入密码,完整认证。

整个kerberos的逻辑视图#

其中clients和Application Servers都是Principal

skaljdakdjw
关注
kerberos 票据_域渗透 | 白银票据利用
weixin_33425215的博客
12-25 327
目录0x01 介绍0x02 白银票据利用0x01 介绍之前,我们已经详细说过Kerberos认证的流程,这次我们就来说说如何对其进行利用,这次主要说的是白银票据伪造(Silver Tickets)白银票据伪造利用的是Kerberos认证中的第三个步骤,在第三步的时候,client会带着ticket向server的某个服务进行请求,如果验证通过就可以访问server上的指定服务了,这里ticket的...
kerberos 票据_域渗透之黄金票据的实际利用
weixin_39861905的博客
12-25 505
先介绍下Kerberos协议Kerberos是一种由MIT(麻省理工大学)提出的一种网络身份验证协议。它旨在通过使用密钥加密技术为客户端/服务器应用程序提供强身份验证。在Kerberos协议中主要是有三个角色的存在:1:访问服务的Client(用户的机器客户端)2:提供服务的Server(服务端)3:KDC(Key Distribution Center)密钥分发中心其中KDC服务默认会安装在一...
kerberos认证原理_kerberos 协议初探
weixin_39757212的博客
12-03 281
kerberos原理一个客户端要访问某个服务时,先要到KDC去认证自己,并获得访问票据TGT 然后客户端再拿着这个访问票据到自己真实想要访问的服务去获得访问授权, 然后真实的进行访问在kerberos中,KDC有两部分组成:Authentication Server,用来认证用户,即验证用户存在,且密码正确Ticket-Granting Service,用来给客户端生成,可以访问客户端想...
Kerberos认证原理
Hi~ 土拨鼠
04-21 2323
文章目录Kerberos介绍 Kerberos介绍 Kerberos是一种计算机网络授权(身份验证)协议,旨在通过秘钥加密技术为客户端/服务器应用程序提供身份验证,用来在非安全网络中,对个人通信以安全的手段进行身份认证,主要应用在域环境下的身份验证。 下图为大概的认证流程,共包含有三个重要的角色:Client、Server和KDC 相关名词介绍: 访问服务的Client 提供服务的Server KDC(Key Distribution Center) 密钥分发中心,在KDC中又分为两个部分:Authen
票据的作用
cruzjqi124796的博客
09-21 812
[@more@]票据的作用主要有以下几点:(1)结算作用。国际结算的基本方法是非现金结算。在非现金结算条件下,要结清国际间的债权债务就必须使用一定的支付工具。票据就是一种能起到货币的支付功能和结算作用的支付工具。例如债务人向...
Windows Communication Foundation (WCF) 初探:.NET平台的SOA框架
WCF是一个统一的框架,用于构建和运行面向服务的应用程序,它集成了.Net平台的各种分布式系统技术,如.NET Remoting、ASMX、WSE和MSMQ,并支持多种通信协议和安全模式。" 在深入讨论WCF之前,首先需要理解SOA的概念...
C#基础系列08 - NTLM 基础学习续集 - NTLM性能问题初探
DynamicsAgg的博客
02-19 338
接上篇 : NTLM 基础学习 这次探讨一下NTLM验证中较少出现的性能问题. 在国外大型企业以及微软官方可以见到类似的文章和分享, 国内中文内容和分享比较少. 我们做个尝试, 抛砖引玉; NTLM和Kerberos是当前 Windows 体系主要的两种认证协议. Linux/Mac 等也很早开始支持这两种协议. 加上当前移动设备迅猛增加, 移动端的应用普遍的采用了兼容性较好的NTLM协议, 比如iPhone/Android基于ActiveSync的邮件应用, 比如系统自带的基于802.1x的有线...
大数据总结
cdmazzq的博客
11-26 3434
Hadoop 学习 1.hvie 不是一个完整的数据库,其中最大的限制是hive不支持记录级别的更新,插入,删除。但是用户可以通过查询生成新表或者将查询结果导入到文件中 PYTHON学习 可以把模块想像成导入到python以增强其功能的扩展。需要使用命令import来导入块。 例子:>>>import math >>>math.floor(23.6) ...
计算机网络安全技术相关文献,计算机网络安全技术相关论文参考文献 哪里有计算机网络安全技术参考文献...
weixin_36104484的博客
07-05 1807
【100个】计算机网络安全技术相关论文参考文献供您参考,希望能解决毕业生们的哪里有计算机网络安全技术参考文献相关问题,整理好参考文献那就开始写计算机网络安全技术论文吧!一、计算机网络安全技术论文参考文献范文[1]工程硕士《计算机网络安全技术》课程教学方法探析.韩伟杰.王宇,2011第六届全国工科研究生教育工作研讨会[2]浅析计算机网络安全技术及防护策略的探讨.马萍.李汉涛.刘敬华,2012山东煤炭...
ASP.NET及C#网上资料小收藏
qkqlqq0288的专栏
01-10 1983
<br />http://blog.csdn.net/guyehanxinlei/archive/2008/01/18/2051333.aspx<br />使用SqlBulkCopy类加载其他源数据到SQL表 <br />在数据回发时,维护ASP.NET Tree控件的位置 <br />vagerent的vs2005网站开发技巧 <br />ASP.NET2.0小技巧--内部控件权限的实现 <br />图片滚动代码。 <br />css——之三行三列等高布局 <br />Datagird TemplateC
Kerberos
weixin_33850015的博客
01-08 714
一、Kerberos Concept Kerberos是一种网络认证协议,其设计目标是通过密钥系统为客户机/服务器应用程序提供强大的认证服务,为通信双方提供双向身份认证。 Kerberos关键术语: KDC提供两大主要功能:认证服务器(Authentication Service,AS)和票据授权服务(Ticket Granting Service,TGS)。AS负责对用户和服务进行认证,T...
最浅显易懂kerberos认证和黄金白银票据
04-22 853
一、kerberos认证 一、 1.客户端账号用自己的密码哈希加密(时间戳、客户端、服务端等信息)发送给AS (身份验证服务) AS 收到后进行查找,确认有该账号后生成随机密钥1 2.发送回客户端两个东西: 用客户端账号对应的密码哈希加密的(随机密钥1)和TGT(黄金票据):用特定账户哈希加密的(随机密钥1和时间戳等信息) 二、 客户端收到后用自己的密码哈希解密得到随机密钥1,然后用随机密钥1加密(时间戳等信息)–—信息1 与TGT一同发给TGS(票据授权服务) 三、 1.TGS收到后用特定账户哈希解密得到
Kerberos认证介绍及黄金票据和白银票据
qq_41814777的博客
05-08 1352
学前介绍 LM协议: 早期SMB协议在网络上传输明文口令。后来出现LAN Manager 挑战和 响应 验证机制简称LM,很简单,容易被破解 NTLM: 微软提出的一种windowsNT挑战/响应验证机制,称之为NTLM。现在已经 有了更新到了NTLMv2和kerberos验证机制 NTML的挑战和响应机制如下:(就跟短信验证码一样) 协商:客户端向服务端确认协议的版本 质询:客户端向服务端发送用户信息请求;服务器接收之后生成一个16位随机数,称之为Challenge;用NTML HASH加密16位随机数,
内网渗透(四) | 票据传递攻击
Ms08067安全实验室
06-29 2740
票据传递攻击(Pass the Ticket,PtT)票据传递攻击(PtT)是基于Kerberos认证的一种攻击方式,常用来做后渗透权限维持。黄金票据攻击利用的前提是得到了域内krbtg...
Kerberos 认证、黄金票据、白银票据
最新发布
weixin_51559599的博客
11-29 734
在实际环境中,有各种各样的服务都需要进行认证,需要频繁输入密码进行认证,不仅繁琐,而且频繁传输密码加大了出现中间人劫持等安全风险。服务器持有 TGS 颁发的票据后,携带票据访问相应的服务可获取响应的服务权限。AS(Authentication Service)所在的服务器存储了用户凭证,用户输入账户密码进行认证成功后,AS 向用户颁发。(身份票据),用户获取 TGT 后,凭借 TGT 即可向 TGS 申请各种服务票据(ST),用来获取各种服务的权限。白银票据就是伪造了 Kerberos 中的服务票据。
【Hadoop】通俗易懂 Kerberos原理
康师傅没有眼泪
05-26 5782
Hadoop 使用Kerberos作为用户和服务的强身份验证和身份传播的基础。Kerberos 是一种计算机网络认证协议,它允许某实体在非安全网络环境下通信,向另一个实体以一种安全的方式证明自己的身份。Kerberos 是第三方认证机制,其中用户和服务依赖于第三方(Kerberos 服务器)来对彼此进行身份验证。Kerberos服务器本身称为密钥分发中心或 KDC。
kerberos详解
SkyChaserYu的博客
03-16 3440
kerberos介绍 1、重要术语 1. KDC 全称:key distributed center 作用:整个安全认证过程的票据生成管理服务,其中包含两个服务,AS和TGS 2. AS 全称:authentication service 作用:为client生成TGT的服务 3.TGS 全称:ticket granting service 作用:为client生成某个服务的...
Kerberos认证原理(原创图解+详解)
Ciyaso的博客
10-26 7901
一、 Kerberos Authentication Kerberos Authentication 解决的是“如何证明某个用户确确实实就是其所声称的那个用户”的问题。 Kerberos Authentication的整个过程涉及到Client和Server,他们之间传递证明需要使用一个Key(KServer-Client)来表示。Client为了让Server对自己进行有效的认证,向对方提供如下两组信息: ①代表Client自身Identity的信息,为了简便,它以明文的形式传递。 ②将Client的Id
改进的动态口令Kerberos协议:提升网络安全
"基于动态口令体制的Kerberos协议改进是一项针对网络安全中身份认证问题的研究。该论文由黄建华和何希两位作者在华东理工大学完成,主要探讨了Kerberos协议的原理及其局限性。Kerberos是一种广泛应用于分布式网络...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值