Kerberos

Terms

Authentication

Authentication server (AS)

Kerberos

Kerberos realm

Propagating cipher block chaining (PCBC) mode

Public-key certificate

Realm

Sequence number

Subkey

Ticket

Ticket-granting server (TGS)

X.509 Certificate

Review Questions

14.1 What problem was Kerberos designed to address?

Authenticating users and their service requests in an open distributed environment, where users at workstations want to access services on servers spread across the network, and where neither the workstations nor the network can be trusted to vouch for a user's identity. Kerberos addresses this with a trusted, centralized authentication server that authenticates users to servers and servers to users. (p. 402)

14.2 What are three threats associated with user authentication over a network or Internet?

  1. A user gains access to a particular workstation (physically or via malware) and pretends to be another user operating from that workstation.
  2. A user alters the network address of a workstation so that requests sent from it appear to come from the impersonated workstation.
  3. A user eavesdrops on exchanges and uses a replay attack to gain entry to a server or to disrupt operations.

14.3 List three approaches to secure user authentication in a distributed environment.

  1. Rely on each individual client workstation to assure the identity of its user or users and rely on each server to enforce a security policy based on user ID.
  2. Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user.
  3. Require the user to prove identity for each service invoked. Also require that servers prove their identity to clients.

14.4 What four requirements were defined for Kerberos?

  1. Secure - a network eavesdropper must not be able to obtain the information needed to impersonate a user; Kerberos must not be the weak link.
  2. Reliable - the services that depend on Kerberos are only as available as Kerberos itself, so it should be highly available, using a distributed server architecture in which one system can back up another.
  3. Transparent - the user should not be aware that authentication is taking place, beyond entering a password.
  4. Scalable - the system should support large numbers of clients and servers, which calls for a modular, distributed architecture.

14.5 What entities constitute a full-service Kerberos environment?

A Kerberos server (which holds the user IDs and hashed passwords of all users in its realm and shares a secret key with each application server; it acts as both authentication server (AS) and ticket-granting server (TGS)), a number of clients, and a number of application servers.
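To make the roles of the three entities concrete, here is an added, runnable sketch of the AS, TGS and application-server exchanges, written for these notes; it is not code from the textbook or from any Kerberos implementation. The realm name, principal names, lifetimes and the HMAC-based "encryption" (a stand-in for a real Kerberos encryption type) are all assumptions, and the parties run in one process rather than over a network. It also exercises the threats from 14.2: a captured authenticator that is replayed, a stale authenticator outside the clock skew, and a wrong password.

```python
# Added example: a toy Kerberos-style AS -> TGS -> application-server exchange (not real Kerberos code).
import hashlib, hmac, json, secrets
REALM = "EXAMPLE.COM"   # assumed realm name
CLOCK_SKEW = 300        # seconds; the Kerberos v5 default is 5 minutes
TICKET_LIFETIME = 8 * 3600

def _keystream(key, nonce, n):   # HMAC counter mode: stand-in for a real Kerberos encryption type
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):              # encrypt-then-MAC a JSON object: nonce || ciphertext || tag
    pt, nonce = json.dumps(obj, sort_keys=True).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered blob)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_authenticator(ticket, authenticator, now):   # shared by TGS and app servers: lifetime, MAC, names, skew
    if now > ticket["end"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(ticket["skey"]), authenticator)   # only the session-key holder could have made it
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(now - auth["ts"]) > CLOCK_SKEW:
        raise ValueError("authenticator timestamp outside permitted clock skew")
    return auth

class KDC:   # authentication server (AS) and ticket-granting server (TGS) of the realm
    def __init__(self):
        self.user_keys, self.service_keys = {}, {}
        self.tgs_key = secrets.token_bytes(32)       # krbtgt key: known only to the KDC
    def add_user(self, principal, key):
        self.user_keys[principal] = key
    def add_service(self, principal):
        self.service_keys[principal] = secrets.token_bytes(32)
        return self.service_keys[principal]          # shared with that application server
    def _ticket(self, key, client, service, skey, now):
        return seal(key, {"client": client, "service": service, "skey": skey.hex(), "end": now + TICKET_LIFETIME})
    def as_exchange(self, client, now):   # AS_REP: TGT under the TGS key, session key under the user's key
        skey = secrets.token_bytes(32)
        tgt = self._ticket(self.tgs_key, client, "krbtgt/" + REALM, skey, now)
        return tgt, seal(self.user_keys[client], {"skey": skey.hex()})
    def tgs_exchange(self, tgt, authenticator, service, now):   # TGS_REP: service ticket + fresh session key
        t = unseal(self.tgs_key, tgt)
        check_authenticator(t, authenticator, now)
        skey = secrets.token_bytes(32)
        ticket = self._ticket(self.service_keys[service], t["client"], service, skey, now)
        return ticket, seal(bytes.fromhex(t["skey"]), {"skey": skey.hex()})

class AppServer:
    def __init__(self, principal, key):
        self.principal, self.key, self.replay_cache = principal, key, set()
    def accept(self, ticket, authenticator, now):   # AP_REQ in, AP_REP out (proves we hold the session key)
        t = unseal(self.key, ticket)
        if t["service"] != self.principal:
            raise ValueError("ticket was issued for another service")
        auth = check_authenticator(t, authenticator, now)
        if (auth["client"], auth["ts"]) in self.replay_cache:
            raise ValueError("replayed authenticator")
        self.replay_cache.add((auth["client"], auth["ts"]))   # real servers drop entries older than CLOCK_SKEW
        return seal(bytes.fromhex(t["skey"]), {"ts": auth["ts"]})

class Client:
    def __init__(self, principal, password):   # string-to-key: long-term user key derived from the password
        self.principal = principal
        self.key = hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000)
    def authenticator(self, skey, now):
        return seal(skey, {"client": self.principal, "ts": now})
    def login(self, kdc, now):
        self.tgt, rep = kdc.as_exchange(self.principal, now)
        self.tgs_skey = bytes.fromhex(unseal(self.key, rep)["skey"])   # only decrypts with the right password
    def service_ticket(self, kdc, service, now):
        ticket, rep = kdc.tgs_exchange(self.tgt, self.authenticator(self.tgs_skey, now), service, now)
        return ticket, bytes.fromhex(unseal(self.tgs_skey, rep)["skey"])
    def contact(self, server, ticket, skey, now):
        ap_rep = server.accept(ticket, self.authenticator(skey, now), now)
        return unseal(skey, ap_rep)["ts"] == now   # mutual authentication: the server proved it has the key

def rejected(action):
    try: action(); return False
    except ValueError: return True

def demo(now=1_700_000_000):   # constructed scenario: one user, one service; returns each check's verdict
    kdc, svc = KDC(), "host/fs.example.com"
    alice = Client("alice", "correct horse battery")
    kdc.add_user("alice", alice.key)                  # enrolment: the KDC stores the user's key
    fs = AppServer(svc, kdc.add_service(svc))
    alice.login(kdc, now)
    ticket, skey = alice.service_ticket(kdc, svc, now + 1)
    r = {"mutual_auth": alice.contact(fs, ticket, skey, now + 2)}
    fs.accept(ticket, auth := alice.authenticator(skey, now + 3), now + 3)   # an eavesdropper captures auth ...
    r["replay_rejected"] = rejected(lambda: fs.accept(ticket, auth, now + 4))   # ... and re-sends it
    r["stale_rejected"] = rejected(lambda: fs.accept(ticket, alice.authenticator(skey, now), now + CLOCK_SKEW + 10))
    r["bad_password_rejected"] = rejected(lambda: Client("alice", "wrong").login(kdc, now))
    return r
```

Running `demo()` returns all four verdicts as True. The two points worth noticing are that the client's password never leaves the workstation (the AS reply is simply undecryptable with the wrong key), and that the application server's replay cache plus the clock-skew window are what turn a captured authenticator into a useless one, which is why Kerberos depends on loosely synchronized clocks.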

14.6 In the context of Kerberos, what is a realm?

14.7 What are the principal differences between version 4 and version 5 of Kerberos?

14.8 What is the purpose of the X.509 standard?

14.9 What is a chain of certificates?

14.10 How is an X.509 certificate revoked?