RECENT POSTS
- Introduction to FreeBSD Security Best Practices
- Working with Package Management in FreeBSD
- Understanding FreeBSD Security Advisories and Updates
- Troubleshooting Common System Administration Issues in FreeBSD
- Tips for Hardening FreeBSD to achieve System Protection
- Setting Up DHCP Server in FreeBSD
- Secure User and Group Management in FreeBSD Systems
- Secure Remote Access with SSH in FreeBSD
- Optimizing System Performance in FreeBSD
- Network Packet Capture with tcpdump in FreeBSD
- All posts ...
Do you have GDPR compliance issues ?
Check out Legiscope a GDPR compliance software, that will save you weeks of work, automating your documentation, the training of your teams and all processes you need to keep your organisation compliant with privacy regulations
Krb5-121
Jul 20, 2023
##
Kerberos V5 is an authentication system developed at MIT. Abridged from the User Guide Under Kerberos, a client sends a request for a ticket to the Key Distribution Center KDC. The KDC creates a ticket-granting ticket TGT for the client, encrypts it using the client’s password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT, it keeps the decrypted TGT, which indicates proof of the client’s identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already used to. Kerberos V5 is a single-sign-on system, which means that you have to type your password only once per session, and Kerberos does the authenticating and encrypting transparently.
Jacques Vidrine n@nectar.com
- Older
- Newer
Checkout these related ports:
- Zzuf - Transparent application input fuzzer
- Zlint - X.509 certificate linter
- Zeronet - Decentralized websites using Bitcoin crypto and BitTorrent network
- Zenmap - GUI frontend for the Nmap scanning utility
- Zeek - System for detecting network intruders in real-time
- Zaproxy - The OWASP zed attack proxy
- Yubioath-desktop - GUI for displaying OATH codes with a Yubikey
- Yubikey-personalization-gui - Graphical YubiKey personalization tool
- Yubikey-manager-qt - Cross-platform application for configuring any YubiKey
- Yubikey-agent - Seamless ssh-agent for YubiKeys
- Yubico-piv-tool - Yubico PIV tool
- Ylva - Command line password manager and file encryption program
- Ykpers - Library and tool for personalization of Yubico's YubiKey
- Ykclient - Yubico C client library
- Yersinia - Layer 2 vulnerability scanner (switches, spanning tree, 802.1q ...)