KERBEROS
- Kerberos is an authentication protocol
- Kerberos provides SSO (Single Sign-On)
- Uses Port 88 TCP or UDP
- KDC (Key Distribution Center) uses 2 services: Authentication Service and a Ticket Granting Service
- The Authentication Service (AS) handles authenticating user login requests
- The AS issues a TGT (Ticket Granting Ticket)
- To access any resource within the domain, the client requests a Service Ticket
- The TGS (Ticket Granting Service) issues the Service Ticket to the client so they can access the resource
- TGTs are unique to Kerberos
- By default, the clocks of the client and the Kerberos server have to be within a 5-minute window of each other for authentication to succeed.
- Kerberos provides mutual authentication as the server authenticates to the client.
- Kerberos prevents eavesdropping and MITM (Man-In-The-Middle) attacks.