Kerberos Authentication

Client                          Domain Controller                      Application Server
                                      (DC)                              (Resource Server)
  |                                     |                                       |
  | ----------------------------------> |                                       |
  |   Authentication Server Request     |                                       |
  |                                     |                                       |
  | <---------------------------------- |                                       |
  |   Authentication Server Reply       |                                       |
  |                                     |                                       |
  | ----------------------------------> |                                       |
  |   Ticket Granting Service Request   |                                       |
  |                                     |                                       |
  | <---------------------------------- |                                       |
  |   Ticket Granting Server Reply      |                                       |
  |                                     |                                       |
  |                                                                             |
  | --------------------------------------------------------------------------> |
  |   Application Request                                                       |
  | <-------------------------------------------------------------------------- |
  |   Application Response                                                      |
  |                                                                             |

- Authentication Server Request
  - Preparation
    - Client will create hash from user and password
    - Client will encrypt timestamp with user hash
  - Payload: Encrypted timestamp
- Authentication Server Reply
  - Preparation
    - DC will create hash from user and password
    - DC will decrypt timestamp
  - Payload: Session Key (encrypted with user hash) + TGT
- Ticket Granting Service Request
  - ...
- Ticket Granting Server Reply
  - Payload:
    - SPN
    - Session Key
    - Service Ticket
- Application Request / Response
  - Resource server will accept or reject request
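
The Authentication Server Request and Reply preparation steps above, modelled as an added example (not part of the original notes): the client encrypts a timestamp under the password-derived key, and the DC derives the same key, decrypts, and checks freshness. Assumptions: the function names, the sample user and realm, and the HMAC-based cipher are illustrative stand-ins, not a real Kerberos encryption type.

```python
import hashlib, hmac, os, struct

MAX_SKEW = 300  # seconds; five minutes is the usual Kerberos clock-skew tolerance

def user_key(user, realm, password):
    # PBKDF2-HMAC-SHA1 salted with REALM+user: the first stage of the AES
    # string-to-key in RFC 3962 (the final key-derivation step is omitted here).
    salt = (realm + user).encode()
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 4096, 32)

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in cipher, not a Kerberos etype).
    blocks = (hmac.new(key, b"enc" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key or tampered message
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def client_as_req(user, realm, password, now):
    # Client side: hash the password, encrypt the current timestamp with it.
    return seal(user_key(user, realm, password), struct.pack(">Q", int(now)))

def dc_check_as_req(user, realm, account_password, blob, now):
    # DC side: derive the same key, decrypt, then check freshness. (A real KDC
    # stores the derived key in its account database instead of the password.)
    pt = unseal(user_key(user, realm, account_password), blob)
    if pt is None:
        return "KDC_ERR_PREAUTH_FAILED"
    (ts,) = struct.unpack(">Q", pt)
    if abs(int(now) - ts) > MAX_SKEW:
        return "KRB_AP_ERR_SKEW"  # timestamp outside the allowed window
    return "OK"

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed sample time
    req = client_as_req("alice", "EXAMPLE.COM", "correct horse", t0)
    print(dc_check_as_req("alice", "EXAMPLE.COM", "correct horse", req, t0 + 60))
```

The skew check is why domain members need synchronized clocks: a captured request stops being accepted once its timestamp falls outside the window.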