Abstract

This chapter describes the Kerberos authentication protocol, the default authentication protocol of Windows 2000, Windows XP, Windows Server 2003, and R2. This includes the workings of the protocol, its implementation by Microsoft, and some advanced Kerberos topics. The chapter focuses in particular on the new Kerberos features introduced in Windows Server 2003: constrained delegation and protocol transition, KDC key version numbers, and user-to-user authentication. Kerberos refers to the authentication protocol developed as part of the Massachusetts Institute of Technology (MIT) Athena project. Microsoft introduced Kerberos as the new default authentication protocol in Windows 2000. Every Windows 2000, Windows XP, Windows Server 2003, and R2 OS platform includes a client Kerberos authentication provider. The chapter explains the key differences between the NTLM and Kerberos authentication protocols and the advantages that Kerberos brings to the Windows 2000, Windows XP, Windows Server 2003, and R2 operating systems and their users. The basic Kerberos protocol is also explained, including the Kerberos design assumptions (in a step-by-step explanation); the Kerberos subprotocols; the Kerberos data confidentiality, authentication, and integrity services; user-to-user authentication; and key version numbers, another feature of Kerberos. Logging on to Windows using Kerberos is another topic detailed in this chapter. It covers both interactive (local) and noninteractive (network) Kerberos-based logon in single- and multiple-domain environments and in a multiple-forest scenario. In certain migration scenarios, it becomes necessary to disable the Kerberos authentication protocol on your Windows domain controllers. In general, disabling the Kerberos protocol via the NT4Emulator key should be seen as a short-term workaround until sufficient AD DCs are available in the upgraded domain to handle the Kerberos authentication workload.
The chapter concludes by discussing the delegation of authentication, the link between authentication and authorization, analysis of the Kerberos ticket and authenticator, and Kerberos time sensitivity.
