NetID Login Service: Kerberos

The Kerberos component of the NetID Login Service is the core of all NetID authentication at UW-Madison. All other components of the service (WebISO and RADIUS) are built on top of Kerberos.

Theory

Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication purposes the KDC generates a session key which communicating parties use to encrypt their transmissions.[1]

The security of the protocol relies heavily on short-lived assertions of authenticity called Kerberos tickets.
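To make the description above concrete (the KDC's key database, the AS and TGS roles, the session keys, and the short ticket lifetime that the previous sentence relies on), here is an added, runnable toy model of the three Kerberos exchanges. It is illustration written for this page, not code from the NetID Login Service or from any Kerberos implementation; the principal names, lifetimes, clock-skew window and the SHA-256-based encrypt-then-MAC construction are assumptions made for the example, and real Kerberos uses the standardised enctypes and ASN.1 messages of RFC 4120.

```python
# Added example, not part of the UW-Madison KB page: a toy model of the Kerberos AS, TGS
# and AP exchanges using only the standard library. Names, lifetimes and the
# encrypt-then-MAC construction are assumptions; real Kerberos uses RFC 4120 enctypes.
import hashlib
import hmac
import json
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for a real cipher: SHA-256 in counter mode.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object; only a holder of `key` can read or forge it."""
    plaintext = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def validate(ticket: dict, auth: dict, now: float, skew: float = 300.0) -> None:
    """Checks every ticket-accepting party makes: lifetime, principal match, freshness."""
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if auth["client"] != ticket["client"]:
        raise PermissionError("authenticator principal does not match the ticket")
    if abs(now - auth["timestamp"]) > skew:
        raise PermissionError("authenticator timestamp outside the clock-skew window")

class KDC:
    """Holds the key database and plays both roles: Authentication Server and TGS."""
    def __init__(self, principals: dict, lifetime: float = 300.0):
        self.keys = dict(principals)                   # principal -> long-term secret key
        self.keys["krbtgt"] = secrets.token_bytes(32)  # the TGS's own key, known only here
        self.lifetime = lifetime

    def _ticket(self, client: str, service: str, session_key: bytes, now: float) -> bytes:
        # Sealed under the *service's* key: the client carries it but cannot read or alter it.
        return encrypt(self.keys[service], {"client": client, "service": service,
                                            "key": session_key.hex(), "expires": now + self.lifetime})

    def as_exchange(self, client: str, now: float):
        """AS-REQ/AS-REP: a TGT plus the TGS session key sealed under the client's key."""
        session_key = secrets.token_bytes(32)
        tgt = self._ticket(client, "krbtgt", session_key, now)
        return encrypt(self.keys[client], {"key": session_key.hex()}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float):
        """TGS-REQ/TGS-REP: verify TGT and authenticator, then issue a service ticket."""
        body = decrypt(self.keys["krbtgt"], tgt)
        tgs_session = bytes.fromhex(body["key"])
        validate(body, decrypt(tgs_session, authenticator), now)
        svc_session = secrets.token_bytes(32)
        ticket = self._ticket(body["client"], service, svc_session, now)
        return encrypt(tgs_session, {"key": svc_session.hex()}), ticket

class Client:
    def __init__(self, name: str, key: bytes, kdc: KDC):
        self.name, self.key, self.kdc = name, key, kdc

    def authenticator(self, session_key: bytes, now: float) -> bytes:
        return encrypt(session_key, {"client": self.name, "timestamp": now})

    def login(self, now: float) -> None:
        enc_part, self.tgt = self.kdc.as_exchange(self.name, now)
        self.tgs_session = bytes.fromhex(decrypt(self.key, enc_part)["key"])

    def get_service_ticket(self, service: str, now: float):
        auth = self.authenticator(self.tgs_session, now)
        enc_part, ticket = self.kdc.tgs_exchange(self.tgt, auth, service, now)
        return ticket, bytes.fromhex(decrypt(self.tgs_session, enc_part)["key"])

def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> str:
    """AP-REQ at the application server: returns the authenticated client principal."""
    body = decrypt(service_key, ticket)
    validate(body, decrypt(bytes.fromhex(body["key"]), authenticator), now)
    return body["client"]

def demo(now: float = 1_000_000.0):
    """Run all three exchanges; returns (authenticated principal, expired ticket refused?)."""
    keys = {"alice": secrets.token_bytes(32), "host/web.example": secrets.token_bytes(32)}
    alice = Client("alice", keys["alice"], KDC(keys))
    alice.login(now)                                                         # AS exchange
    ticket, session = alice.get_service_ticket("host/web.example", now + 1)  # TGS exchange
    who = service_accept(keys["host/web.example"], ticket,
                         alice.authenticator(session, now + 2), now + 2)     # AP exchange
    try:  # the same ticket is refused once its lifetime has passed
        service_accept(keys["host/web.example"], ticket, alice.authenticator(session, now + 1000), now + 1000)
        return who, False
    except PermissionError:
        return who, True
```

Two points the model makes visible: the client never sees a ticket's contents, because each ticket is sealed under the key of the service it names (the TGS's own `krbtgt` key for the TGT), and a ticket stops working on its own once `expires` has passed, so a stolen ticket is only useful within its lifetime and the clock-skew window. `demo()` returns `("alice", True)`: the service authenticates alice, and the same ticket presented later is rejected.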

As a service, Kerberos is fairly new. If you think your application or service might take advantage of Kerberos, please contact help@login.wisc.edu.

[1] Kerberos (protocol). (2011, November 4). In Wikipedia, The Free Encyclopedia. Retrieved 04:04, November 9, 2011, from http://en.wikipedia.org/w/index.php?title=Kerberos_(protocol)&oldid=458928830

Keywords: netid login service kerberos desktop authentication kiosk
Doc ID: 20290
Owner: Ryan L.
Group: Access Management Services
Created: 2011-09-15 14:40 CDT
Updated: 2014-10-14 10:18 CDT
Sites: Access Management Services, DoIT Help Desk, Middleware