March 5, 2002
Practical Aspects of Modern Cryptography
The Basic Kerberos Protocol (2)
- Phase 1: C gets a Ticket-Granting Ticket
  2. KDC responds with two items
     - The ticket-granting ticket
       - A ticket for C to talk to TGS
     - A copy of the session key to use to talk to TGS, encrypted in C’s shared key
     - KDC → C: {T_{C,TGS}}K_{TGS}, {K_{C,TGS}}K_C
       - where T_{c,s} = s, {c, c-addr, lifetime, K_{c,s}}K_s
     - Only the TGS can decrypt the ticket
     - C can unlock the second part to retrieve K_{C,TGS}
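
The KDC reply above, worked through as an added example (not part of the original slides): the KDC builds both items, C opens only the second, and the TGS alone opens the ticket. Assumptions: `seal`/`unseal` are a stdlib-only stand-in for the {…}K notation (HMAC-SHA256 keystream plus MAC, not the cipher Kerberos uses), the ticket body is encrypted once under K_TGS, and all function names, keys and field values are constructed for illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode as a keystream (stdlib only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """{obj}key: encrypt-then-MAC, so opening with the wrong key fails loudly."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_reply(k_c, k_tgs, c, c_addr, lifetime):
    """KDC -> C: {T_{C,TGS}}K_TGS, {K_{C,TGS}}K_C"""
    k_c_tgs = os.urandom(32).hex()  # fresh session key K_{C,TGS}
    # T_{c,s} = s, {c, c-addr, lifetime, K_{c,s}}K_s  with s = TGS
    ticket = ("TGS", seal(k_tgs, {"c": c, "c-addr": c_addr,
                                  "lifetime": lifetime, "K_c,s": k_c_tgs}))
    return ticket, seal(k_c, {"K_c,s": k_c_tgs})

def client_receive(k_c, reply):
    ticket, enc_key = reply
    # C keeps the ticket as an opaque blob and unlocks only the second item.
    return ticket, unseal(k_c, enc_key)["K_c,s"]

def tgs_open(k_tgs, ticket):
    s, sealed = ticket
    return unseal(k_tgs, sealed)

if __name__ == "__main__":
    k_c, k_tgs = b"C" * 32, b"T" * 32  # constructed sample long-term keys
    ticket, k = client_receive(k_c, kdc_reply(k_c, k_tgs, "alice", "192.0.2.10", 3600))
    assert tgs_open(k_tgs, ticket)["K_c,s"] == k
    try:
        unseal(k_c, ticket[1])
    except ValueError as e:
        print("C cannot open the ticket:", e)
```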