throbber
--
`
`--
`
`Kerberos: An Authentication Service for Open Network Systems
`
`Jennifer G. Steiner
`
`Project Athena
`Massachusetts Institute of Technology
`Cambridge, MA 02139
`steiner@ATHENA.MIT.EDU
`
`Clifford Neuman†
`
`Department of Computer Science, FR-35
`University of Washington
`Seattle, WA 98195
`bcn@CS.WASHINGTON.EDU
`
`Jeffrey I. Schiller
`
`Project Athena
`Massachusetts Institute of Technology
`Cambridge, MA 02139
`jis@ATHENA.MIT.EDU
`
`Introduction
`This paper gives an overview of Kerberos,
`an authentication system designed by Miller and
`Neuman1 for open network computing environ-
`ments, and describes our experience using it at
`MIT’s Project Athena.2 In the first section of the
`paper, we explain why a new authentication
`model is needed for open networks, and what its
`requirements are. The second section lists the
`components of
`the Kerberos
`software
`and
`describes how they interact
`in providing the
`authentication service. In Section 3, we describe
`the Kerberos naming scheme.
`Section 4 presents the building blocks of
`Kerberos authentication − the ticket and the
`authenticator. This leads to a discussion of the
`two authentication protocols: the initial authenti-
`cation of a user
`to Kerberos
`(analogous to
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)
`† Clifford Neuman was a member of the Project Athena staff during the design and initial implementation phase of Ker-
`beros.
`
`logging in), and the protocol for mutual authenti-
`cation of a potential consumer and a potential
`producer of a network service.
`Kerberos requires a database of informa-
`tion about its clients; Section 5 describes the data-
`base, its management, and the protocol for its
`modification. Section 6 describes the Kerberos
`interface to its users, applications programmers,
`and administrators.
`In Section 7, we describe
`how the Project Athena Kerberos fits into the rest
`of the Athena environment. We also describe the
`interaction of different Kerberos authentication
`domains, or realms;
`in our case,
`the relation
`between the Project Athena Kerberos and the
`Kerberos running at MIT’s Laboratory for Com-
`puter Science.
`In Section 8, we mention open issues and
`problems as yet unsolved. The last section gives
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 1
`
`

`

`--
`
`--
`
`- 2 -
`
`the current status of Kerberos at Project Athena.
`In the appendix, we describe in detail how Ker-
`beros is applied to a network file service to
`authenticate users who wish to gain access to
`remote file systems.
`Conventions. Throughout
`this paper we
`use terms that may be ambiguous, new to the
`reader, or used differently elsewhere. Below we
`state our use of those terms.
`User, Client, Server. By user, we mean a
`human being who uses a program or service. A
`client also uses something, but is not necessarily
`a person; it can be a program. Often network
`applications consist of two parts; one program
`which runs on one machine and requests a remote
`service, and another program which runs on the
`remote machine and performs that service. We
`call those the client side and server side of the
`application, respectively. Often, a client will
`contact a server on behalf of a user.
`Each entity that uses the Kerberos system,
`be it a user or a network server, is in one sense a
`client, since it uses the Kerberos service. So to
`distinguish Kerberos clients from clients of other
`services, we use the term principal
`to indicate
`such an entity. Note that a Kerberos principal
`can be either a user or a server. (We describe the
`naming of Kerberos principals in a later section.)
`Service vs. Server. We use service as an
`abstract specification of some actions to be per-
`formed. A process which performs those actions
`is called a server. At a given time, there may be
`several servers
`(usually running on different
`machines) performing a given service. For exam-
`ple, at Athena there is one BSD UNIX rlogin
`server
`running on each of our
`timesharing
`machines.
`Key, Private Key, Password. Kerberos
`uses private key encryption. Each Kerberos prin-
`cipal is assigned a large number, its private key,
`known only to that principal and Kerberos.
`In
`the case of a user, the private key is the result of a
`one-way function applied to the user’s password.
`We use key as shorthand for private key.
`Credentials. Unfortunately, this word has a
`special meaning for both the Sun Network File
`System and the Kerberos system. We explicitly
`state whether we mean NFS credentials or Ker-
`beros credentials, otherwise the term is used in
`the normal English language sense.
`Master and Slave. It is possible to run Ker-
`beros authentication software on more than one
`
`there is always only one
`machine. However,
`definitive copy of the Kerberos database. The
`machine which houses this database is called the
`master machine, or
`just
`the master. Other
`machines may possess read-only copies of the
`Kerberos database, and these are called slaves.
`
`1. Motivation
`In a non-networked personal computing
`environment, resources and information can be
`protected by physically securing the personal
`computer.
`In a timesharing computing environ-
`ment, the operating system protects users from
`one another and controls resources.
`In order to
`determine what each user is able to read or
`modify, it is necessary for the timesharing system
`to identify each user. This is accomplished when
`the user logs in.
`In a network of users requiring services
`from many separate computers, there are three
`approaches one can take to access control: One
`can do nothing, relying on the machine to which
`the user is logged in to prevent unauthorized
`access; one can require the host to prove its iden-
`tity, but trust the host’s word as to who the user
`is; or one can require the user to prove her/his
`identity for each required service.
`the
`In a closed environment where all
`machines are under strict control, one can use the
`first approach. When the organization controls
`all the hosts communicating over the network,
`this is a reasonable approach.
`In a more open environment, one might
`selectively trust only those hosts under organiza-
`tional control.
`In this case, each host must be
`required to prove its identity. The rlogin and rsh
`programs use this approach.
`In those protocols,
`authentication is done by checking the Internet
`address from which a connection has been esta-
`blished.
`In the Athena environment, we must be
`able to honor requests from hosts that are not
`under organizational control. Users have com-
`plete control of their workstations:
`they can
`reboot them, bring them up standalone, or even
`boot off their own tapes. As such,
`the third
`approach must be taken;
`the user must prove
`her/his identity for each desired service. The
`server must also prove its identity. It is not suffi-
`cient to physically secure the host running a net-
`work server; someone elsewhere on the network
`may be masquerading as the given server.
`Our
`environment
`places
`
`several
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 2
`
`

`

`--
`
`--
`
`- 3 -
`
`Kent.4
`
`2.1. What Does It Do?
`Kerberos keeps a database of its clients and
`their private keys. The private key is a large
`number known only to Kerberos and the client it
`belongs to. In the case that the client is a user, it
`is an encrypted password. Network services
`requiring authentication register with Kerberos,
`as do clients wishing to use those services. The
`private keys are negotiated at registration.
`Because Kerberos knows these private
`keys, it can create messages which convince one
`client that another is really who it claims to be.
`Kerberos also generates temporary private keys,
`called session keys, which are given to two
`clients and no one else. A session key can be
`used to encrypt messages between two parties.
`Kerberos provides three distinct levels of
`protection. The application programmer deter-
`mines which is appropriate, according to the
`requirements of the application. For example,
`some applications require only that authenticity
`be established at the initiation of a network con-
`nection, and can assume that further messages
`from a given network address originate from the
`authenticated party. Our authenticated network
`file system uses this level of security.
`Other applications require authentication of
`each message, but do not care whether the content
`of the message is disclosed or not. For these,
`Kerberos provides safe messages. Yet a higher
`level of security is provided by private messages,
`where each message is not only authenticated, but
`also encrypted. Private messages are used, for
`example, by the Kerberos server itself for send-
`ing passwords over the network.
`
`2.2. Software Components
`The Athena
`implementation comprises
`several modules (see Figure 1). The Kerberos
`applications library provides an interface for
`application clients and application servers.
`It
`contains, among others, routines for creating or
`reading authentication requests, and the routines
`for creating safe or private messages.
`
`requirements on an identification mechanism.
`First, it must be secure. Circumventing it must be
`difficult enough that a potential attacker does not
`find the authentication mechanism to be the weak
`link. Someone watching the network should not
`be able to obtain the information necessary to
`impersonate another user. Second, it must be reli-
`able. Access to many services will depend on the
`authentication service.
`If it is not reliable, the
`system of services as a whole will not be. Third,
`it should be transparent. Ideally, the user should
`not be aware of authentication taking place.
`Finally, it should be scalable. Many systems can
`communicate with Athena hosts. Not all of these
`will support our mechanism, but software should
`not break if they did.
`Kerberos is the result of our work to satisfy
`the above requirements. When a user walks up to
`a workstation s/he ‘‘logs in’’. As far as the user
`can tell, this initial identification is sufficient to
`prove her/his identity to all the required network
`servers for the duration of the login session. The
`security of Kerberos relies on the security of
`several authentication servers, but not on the sys-
`tem from which users log in, nor on the security
`of the end servers that will be used. The authenti-
`cation server provides a properly authenticated
`user with a way to prove her/his identity to
`servers scattered across the network.
`Authentication is a fundamental building
`block for a secure networked environment. If, for
`example, a server knows for certain the identity
`of a client, it can decide whether to provide the
`service, whether the user should be given special
`privileges, who should receive the bill for the ser-
`vice, and so forth. In other words, authorization
`and accounting schemes can be built on top of the
`authentication that Kerberos provides, resulting
`in equivalent security to the lone personal com-
`puter or the timesharing system.
`
`2. What is Kerberos?
`Kerberos is a trusted third-party authentica-
`tion service based on the model presented by
`Needham and Schroeder.3 It
`is trusted in the
`sense that each of its clients believes Kerberos’
`judgement as to the identity of each of its other
`clients
`to be
`accurate. Timestamps
`(large
`numbers representing the current date and time)
`have been added to the original model to aid in
`the detection of replay. Replay occurs when a
`message is stolen off the network and resent later.
`For a more complete description of replay, and
`other issues of authentication, see Voydock and
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 3
`
`

`

`--
`
`--
`
`- 4 -
`
`(cid:1) Kerberos applications library
`(cid:1) encryption library
`(cid:1) database library
`(cid:1) database administration programs
`(cid:1) administration server
`(cid:1) authentication server
`(cid:1) db propagation software
`(cid:1) user programs
`(cid:1) applications
`
`Figure 1. Kerberos Software Components.
`
`Encryption in Kerberos is based on DES,
`the Data Encryption Standard.5 The encryption
`library
`implements
`those
`routines.
`Several
`methods of encryption are provided, with trade-
`offs between speed and security. An extension to
`the DES Cypher Block Chaining (CBC) mode,
`called the Propagating CBC mode, is also pro-
`vided.
`In CBC, an error
`is propagated only
`through the current block of the cipher, whereas
`in PCBC, the error is propagated throughout the
`message. This renders the entire message useless
`if an error occurs, rather than just a portion of it.
`The encryption library is an independent module,
`and may be replaced with other DES implementa-
`tions or a different encryption library.
`Another replaceable module is the database
`management system. The current Athena imple-
`mentation of the database library uses ndbm,
`although Ingres was originally used. Other data-
`base management libraries could be used as well.
`The Kerberos database needs are straight-
`forward; a record is held for each principal, con-
`taining the name, private key, and expiration date
`of the principal, along with some administrative
`information. (The expiration date is the date after
`which an entry is no longer valid. It is usually set
`to a few years into the future at registration.)
`Other user information, such as real name,
`phone number, and so forth, is kept by another
`server, the Hesiod nameserver.6 This way, sensi-
`tive information, namely passwords, can be han-
`dled by Kerberos, using fairly high security
`measures; while the non-sensitive information
`kept by Hesiod is dealt with differently; it can,
`for example, be sent unencrypted over the net-
`work.
`
`servers use the database
`The Kerberos
`library, as do the tools for administering the data-
`base.
`
`(or KDBM
`The administration server
`server) provides a read-write network interface to
`
`the database. The client side of the program may
`be run on any machine on the network. The
`server side, however, must run on the machine
`housing the Kerberos database in order to make
`changes to the database.
`The authentication server (or Kerberos
`server), on the other hand, performs read-only
`operations on the Kerberos database, namely, the
`authentication of principals, and generation of
`session keys. Since this server does not modify
`the Kerberos database, it may run on a machine
`housing a read-only copy of the master Kerberos
`database.
`Database propagation software manages
`replication of the Kerberos database. It is possi-
`ble to have copies of the database on several dif-
`ferent machines, with a copy of the authentication
`server running on each machine. Each of these
`slave machines receives an update of the Ker-
`beros database from the master machine at given
`intervals.
`there are end-user programs for
`Finally,
`logging in to Kerberos, changing a Kerberos
`password, and displaying or destroying Kerberos
`tickets (tickets are explained later on).
`
`3. Kerberos Names
`Part of authenticating an entity is naming it.
`The process of authentication is the verification
`that the client is the one named in a request.
`What does a name consist of? In Kerberos, both
`users and servers are named. As far as the
`authentication server
`is concerned,
`they are
`equivalent. A name consists of a primary name,
`an
`instance,
`and
`a
`realm,
`expressed
`as
`name.instance@realm (see Figure 2).
`
`bcn
`treese.root
`jis@LCS.MIT.EDU
`rlogin.priam@ATHENA.MIT.EDU
`
`Figure 2. Kerberos Names.
`
`The primary name is the name of the user
`or the service. The instance is used to distinguish
`among variations on the primary name. For
`users, an instance may entail special privileges,
`such as the ‘‘root’’ or ‘‘admin’’ instances. For
`services in the Athena environment, the instance
`is usually the name of the machine on which the
`server runs. For example, the rlogin service has
`different
`instances
`on
`different
`hosts:
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 4
`
`

`

`--
`
`--
`
`- 5 -
`
`rlogin.priam is the rlogin server on the host
`named priam. A Kerberos ticket is only good for
`a single named server. As such, a separate ticket
`is required to gain access to different instances of
`the same service. The realm is the name of an
`administrative entity that maintains authentication
`data. For example, different
`institutions may
`each have their own Kerberos machine, housing a
`different database. They have different Kerberos
`realms. (Realms are discussed further in section
`8.2.)
`
`4. How It Works
`This section describes the Kerberos authen-
`tication protocols. The following abbreviations
`are used in the figures.
`
`c
`s
`addr
`life
`tgs, TGS
`Kerberos
`KDBM
`Kx
`Kx,y
`{abc}Kx
`Tx,y
`Ax
`WS
`
`->
`->
`->
`->
`->
`->
`->
`->
`->
`->
`->
`->
`->
`
`client
`server
`client’s network address
`lifetime of ticket
`ticket-granting server
`authentication server
`administration server
`x’s private key
`session key for x and y
`abc encrypted in x’s key
`x’s ticket to use y
`authenticator for x
`workstation
`
`As mentioned above, the Kerberos authentication
`model is based on the Needham and Schroeder
`key distribution protocol. When a user requests a
`service, her/his identity must be established. To
`do this, a ticket is presented to the server, along
`with proof that the ticket was originally issued to
`the user, not stolen. There are three phases to
`authentication through Kerberos.
`In the first
`phase, the user obtains credentials to be used to
`request access to other services.
`In the second
`phase,
`the user
`requests authentication for a
`specific service.
`In the final phase,
`the user
`presents those credentials to the end server.
`
`4.1. Credentials
`There are two types of credentials used in
`the Kerberos authentication model: tickets and
`authenticators. Both are based on private key
`encryption, but they are encrypted using different
`keys. A ticket is used to securely pass the iden-
`tity of the person to whom the ticket was issued
`between the authentication server and the end
`
`server. A ticket also passes information that can
`be used to make sure that the person using the
`ticket is the same person to which it was issued.
`The authenticator contains the additional informa-
`tion which, when compared against that in the
`ticket proves that the client presenting the ticket is
`the same one to which the ticket was issued.
`A ticket is good for a single server and a
`single client. It contains the name of the server,
`the name of the client, the Internet address of the
`client, a timestamp, a lifetime, and a random ses-
`sion key. This information is encrypted using the
`key of the server for which the ticket will be used.
`Once the ticket has been issued, it may be used
`multiple times by the named client to gain access
`to the named server, until the ticket expires. Note
`that because the ticket is encrypted in the key of
`the server, it is safe to allow the user to pass the
`ticket on to the server without having to worry
`about the user modifying the ticket (see Figure 3).
`
`{s, c, addr, timestamp, life, Ks,c}Ks
`
`Figure 3. A Kerberos Ticket.
`
`Unlike the ticket, the authenticator can only
`be used once. A new one must be generated each
`time a client wants to use a service. This does not
`present a problem because the client is able to
`build the authenticator itself. An authenticator
`contains the name of the client, the workstation’s
`IP address, and the current workstation time. The
`authenticator is encrypted in the session key that
`is part of the ticket (see Figure 4).
`
`{c, addr, timestamp}Ks,c
`
`Figure 4. A Kerberos Authenticator.
`
`4.2. Getting the Initial Ticket
`When the user walks up to a workstation,
`only one piece of information can prove her/his
`identity:
`the
`user’s
`password.
`The
`initial
`exchange with the
`authentication server
`is
`designed to minimize the chance that the pass-
`word will be compromised, while at the same
`time not allowing a user to properly authenticate
`her/himself without knowledge of that password.
`The process of logging in appears to the user to
`be the same as logging in to a timesharing system.
`Behind the scenes, though, it is quite different
`(see Figure 5).
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 5
`
`

`

`--
`
`--
`
`Client
`
`c, tgs
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0) Kerberos
`
`Client
`
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0) Kerberos
`{Kc,tgs,{Tc,tgs} Ktgs}Kc
`
`Figure 5. Getting the Initial Ticket.
`
`The user is prompted for her/his username.
`Once it has been entered, a request is sent to the
`authentication server containing the user’s name
`and the name of a special service known as the
`ticket-granting service.
`it
`The authentication server checks that
`knows about the client. If so, it generates a ran-
`dom session key which will later be used between
`the client and the ticket-granting server.
`It then
`creates a ticket for the ticket-granting server
`which contains the client’s name, the name of the
`ticket-granting server, the current time, a lifetime
`for the ticket, the client’s IP address, and the ran-
`dom session key just created. This
`is all
`encrypted in a key known only to the ticket-
`granting server and the authentication server.
`The authentication server then sends the
`ticket, along with a copy of the random session
`key and some additional information, back to the
`client. This response is encrypted in the client’s
`private key, known only to Kerberos and the
`client, which is derived from the user’s password.
`Once the response has been received by the
`client, the user is asked for her/his password. The
`password is converted to a DES key and used to
`decrypt
`the response from the authentication
`server. The ticket and the session key, along with
`some of the other information, are stored for
`future use, and the user’s password and DES key
`are erased from memory.
`Once the exchange has been completed, the
`workstation possesses information that it can use
`to prove the identity of its user for the lifetime of
`the ticket-granting ticket. As long as the software
`on the workstation had not been previously tam-
`pered with, no information exists that will allow
`someone else to impersonate the user beyond the
`life of the ticket.
`
`- 6 -
`
`4.3. Requesting a Service
`For the moment, let us pretend that the user
`already has a ticket for the desired server.
`In
`order to gain access to the server, the application
`builds an authenticator containing the client’s
`name and IP address, and the current time. The
`authenticator is then encrypted in the session key
`that was received with the ticket for the server.
`The client then sends the authenticator along with
`the ticket to the server in a manner defined by the
`individual application.
`Once the authenticator and ticket have been
`received by the server, the server decrypts the
`ticket, uses the session key included in the ticket
`to decrypt the authenticator, compares the infor-
`mation in the ticket with that in the authenticator,
`the IP address from which the request was
`received, and the present
`time.
`If everything
`matches, it allows the request to proceed (see Fig-
`ure 6).
`
`Client
`
`{Ac}Kc,s, {Tc,s}Ks
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0) Server
`
`Figure 6. Requesting a Service.
`
`It is assumed that clocks are synchronized
`to within several minutes.
`If the time in the
`request is too far in the future or the past, the
`server treats the request as an attempt to replay a
`previous request. The server is also allowed to
`keep track of all past requests with timestamps
`that are still valid. In order to further foil replay
`attacks, a request received with the same ticket
`and timestamp as one already received can be dis-
`carded.
`Finally, if the client specifies that it wants
`the server to prove its identity too, the server adds
`one to the timestamp the client sent in the authen-
`ticator, encrypts the result in the session key, and
`sends the result back to the client (see Figure 7).
`
`Client
`
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0) Server
`{timestamp + 1} Kc,s
`
`Figure 7. Mutual Authentication.
`
`At the end of this exchange, the server is
`certain that, according to Kerberos, the client is
`who it says it is. If mutual authentication occurs,
`the client
`is also convinced that the server is
`authentic. Moreover, the client and server share a
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 6
`
`

`

`--
`
`--
`
`- 7 -
`
`key which no one else knows, and can safely
`assume
`that
`a
`reasonably
`recent message
`encrypted in that key originated with the other
`party.
`
`4.4. Getting Server Tickets
`Recall that a ticket is only good for a single
`server. As such,
`it
`is necessary to obtain a
`separate ticket for each service the client wants to
`use. Tickets
`for
`individual
`servers can be
`obtained from the ticket-granting service. Since
`the ticket-granting service is itself a service, it
`makes use of
`the
`service
`access protocol
`described in the previous section.
`When a program requires a ticket that has
`not already been requested, it sends a request to
`the ticket-granting server (see Figure 8). The
`request contains the name of the server for which
`a ticket
`is requested, along with the ticket-
`granting ticket and an authenticator built as
`described in the previous section.
`
`Client
`
`s,{Tc,tgs}Ktgs,{Ac}Kc,tgs
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0) TGS
`
`Client
`
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0) TGS
`{{Tc,s}Ks,Kc,s}Kc,tgs
`
`Figure 8. Getting a Server Ticket.
`
`The ticket-granting server then checks the
`authenticator
`and
`ticket-granting
`ticket
`as
`described above.
`If valid,
`the ticket-granting
`server generates a new random session key to be
`used between the client and the new server.
`It
`then builds a ticket for the new server containing
`the client’s name, the server name, the current
`time, the client’s IP address and the new session
`key it just generated. The lifetime of the new
`ticket is the minimum of the remaining life for the
`ticket-granting ticket and the default for the ser-
`vice.
`
`The ticket-granting server then sends the
`ticket, along with the session key and other infor-
`mation, back to the client. This time, however,
`the reply is encrypted in the session key that was
`part of the ticket-granting ticket. This way, there
`is no need for the user to enter her/his password
`again. Figure 9 summarizes the authentication
`protocols.
`
`Kerberos
`
`TGS
`
`2
`
`3
`
`4
`
`1
`
`User/
`Client
`
`5
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)
`
`Server
`
`1. Request for TGS ticket
`2. Ticket for TGS
`3. Request for Server ticket
`4. Ticket for Server
`5. Request for service
`
`Figure 9. Kerberos Authentication Protocols.
`
`5. The Kerberos Database
`Up to this point, we have discussed opera-
`tions requiring read-only access to the Kerberos
`database. These operations are performed by the
`authentication service, which can run on both
`master and slave machines (see Figure 10).
`
`WS
`
`WS
`
`WS
`
`Slave
`
`Master
`
`Figure 10. Authentication Requests.
`
`In this section, we discuss operations that
`require write access to the database. These
`operations are performed by the administration
`service, called the Kerberos Database Manage-
`ment Service (KDBM). The current implementa-
`tion stipulates that changes may only be made to
`the master Kerberos database; slave copies are
`read-only. Therefore,
`the KDBM server may
`only run on the master Kerberos machine (see
`Figure 11).
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 7
`
`

`

`--
`
`--
`
`- 8 -
`
`WS
`
`WS
`
`WS
`
`Slave
`
`Master
`
`Figure 11. Administration Requests.
`
`Note that, while authentication can still occur (on
`slaves), administration requests cannot be ser-
`viced if the master machine is down.
`In our
`experience, this has not presented a problem, as
`administration requests are infrequent.
`The KDBM handles requests from users to
`change their passwords. The client side of this
`program, which sends requests to the KDBM over
`the network,
`is the kpasswd program. The
`KDBM also accepts requests from Kerberos
`administrators, who may add principals to the
`database, as well as change passwords for exist-
`ing principals. The client side of the administra-
`tion program, which also sends requests to the
`KDBM over the network, is the kadmin program.
`
`5.1. The KDBM Server
`The KDBM server accepts requests to add
`principals to the database or change the pass-
`words for existing principals. This service is
`unique in that the ticket-granting service will not
`issue tickets for it. Instead, the authentication ser-
`vice itself must be used (the same service that is
`used to get a ticket-granting ticket). The purpose
`of this is to require the user to enter a password.
`If this were not so, then if a user left her/his
`workstation unattended, a passerby could walk up
`and change her/his password for them, something
`which should be prevented. Likewise,
`if an
`administrator left her/his workstation unguarded,
`a passerby could change any password in the sys-
`tem.
`
`When the KDBM server receives a request,
`it authorizes it by comparing the authenticated
`principal name of the requester of the change to
`the principal name of the target of the request. If
`they are the same, the request is permitted.
`If
`they are not the same, the KDBM server consults
`an access control
`list (stored in a file on the
`
`master Kerberos system). If the requester’s prin-
`cipal name is found in this file, the request is per-
`mitted, otherwise it is denied.
`By convention, names with a NULL
`instance (the default instance) do not appear in
`instead, an admin
`the access control
`list file;
`instance is used. Therefore, for a user to become
`an administrator of Kerberos an admin instance
`for that username must be created, and added to
`the access control list. This convention allows an
`administrator to use a different password for Ker-
`beros administration then s/he would use for nor-
`mal login.
`to the KDBM program,
`requests
`All
`whether permitted or denied, are logged.
`
`5.2. The kadmin and kpasswd Programs
`Administrators of Kerberos use the kadmin
`program to add principals to the database, or
`change the passwords of existing principals. An
`administrator is required to enter the password for
`their admin instance name when they invoke the
`kadmin program. This password is used to fetch a
`ticket for the KDBM server (see Figure 12).
`
`Kerberos
`
`KDBM
`
`2
`
`3
`
`1
`
`User/
`Admin
`
`1. Request for KDBM ticket
`2. Ticket for KDBM
`3. kadmin or kpasswd request
`
`Figure 12. Kerberos Administration Protocol.
`
`Users may change their Kerberos pass-
`words using the kpasswd program. They are
`required to enter their old password when they
`invoke the program. This password is used to
`fetch a ticket for the KDBM server.
`
`5.3. Database Replication
`Each Kerberos realm has a master Ker-
`beros machine, which houses the master copy of
`the
`authentication database.
`It
`is possible
`(although not necessary)
`to have additional,
`read-only copies of
`the database on slave
`machines
`elsewhere
`in
`the
`system.
`The
`
`January 12, 1988
`
`Petitioner Apple Inc. - Exhibit 1049, p. 8
`
`

`

`--
`
`--
`
`- 9 -
`
`advantages of having multiple copies of the data-
`base are those usually cited for
`replication:
`higher availability and better performance. If the
`master machine is down, authentication can still
`be achieved on one of the slave machines. The
`ability to perform authentication on any one of
`several machines reduces the probability of a
`bottleneck at the master machine.
`Keeping multiple copies of the database
`introduces the problem of data consistency. We
`have found that very simple methods suffice for
`dealing with inconsistency. The master database
`is dumped every hour. The database is sent, in its
`entirety, to the slave machines, which then update
`their own databases. A program on the master
`host, called kprop, sends the update to a peer pro-
`gram, called kpropd, running on each of the slave
`machines (see Figure 13). First kprop sends a
`checksum of the new database it is about to send.
`The checksum is encrypted in the Kerberos mas-
`ter database key, which both the master and slave
`Kerberos machines possess. The data is then
`transferred over the network to the kpropd on the
`slave machine. The slave propagation server cal-
`culates a checksum of the data it has received,
`and if it matches the checksum sent by the master,
`the new information is used to update the slave’s
`database.
`
`Master
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)
`
`kprop
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)
`
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)
`kpropd
`
`(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:0)(cid:

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket