Posted by: nazli | February 12, 2006


Kerberos is the 3-headed dog in Greek Mythology that guarded Hades

It occurs to me that this blog has been much about my thoughts on social states and on the world at large. So in the interest of representing the scope of my relentless pursuit of being alive, here is the object of my current professional interest – information and network securities.

Something basic but extremely relevant is “kerberos” which is an effective authentication service for computer networks. Authentication is the verification of the identity of a party. In fact information/network securities is very much based on the “old world” spy/social/criminal securties. I would have to argue that we have superceded the masters since network securities is more complex and savvier infrastructurally – I mean how exactly would the world run without network securities? Unimaginable.

Let me attempt to explain how Kerberos works.
Three players:
1. The Client (or the Principal)
2. The Server (or the Verifier)
3. The Authentication Server (AS)

1 needs to communicate with 2

2 first wants to verify that 1 is who 1 says 1 is (follow?)

1 thus will contact 3 who is the trusted authenticator (note – both 1 and 2 are registered with 3)

3 verifies 1 and serves a Kerberos “ticket” which simplistically consists of a session key and a certificate. The certificate is like a driver’s license and has specific information about 1 and also an expiration time. This ticket is encrypted by a server key

Only 2 and 3 have the server key, so 1 cannot change any information in the ticket

1 then presents 2 with this encrypted ticket – and 2 can decrypt this ticket

Once 2 decrypts the key and is satisfied, then communications will ensue between 1 and 2

For each different 2 that 1 wishes to communicate, 1 must acquire a new ticket from 3

Now if you understood all this then – you already knew how Kerberos worked or you are brilliant as I am and thus can follow me, or you are just misleading yourself.

See! How would the world function without computer scientists? Saving the world one day at a time.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: