In a Kerberos environment, what is used to authenticate a client to a requested service on a server?
Digital certificates
Ticket Granting Ticket (TGT)
Key Distribution Center (KDC)
Session keys
How Kerberos works:
1. The first entity sends its username to the AS.
2. If the username was available in the AS, it will encrypt a ticket (TGT) with the first entity's secret key, and send that encrypted TGT to the first entity.
3. The first entity will take the encrypted TGT and decrypt it with its own password. Now the first entity is AUTHENTICATED! and has the TGT.
4. When the first entity needs to communicate with another entity (second entity), it will send the TGT to the TGS.
5. The TGS will validate the TGT, and then will create another ticket containing TWO SESSION KEYS: one encrypted with the first entity's secret key, and the second encrypted with the second entity's secret key.
6. Finally, each entity can decrypt its session key using their secret keys. Now they both have the same session key, so they can communicate.
SO... the right answer is: TGT not session key ;)
It is also worth noting that both entities must authenticate to the KDC AS to actually communicate. Entities do not authenticate out of the loop.
The answer is Ticket Granting Ticket. The client authenticates itself to the Authentication Server (AS) which forwards the username to a Ticket Granting Service (TGS). The TGS issues a ticket-granting ticket (TGT), which is time stamped, encrypts it using the user's password and returns the encrypted result to the user's workstation. So the TGT, AS, and TGS are involved in the authentication process...

EDIT: This question doesn't seem correct. The TGT authenticates the client to the TGS NOT the service granting server. The AS generates the TGT (symmetrically encrypted with the client's password), the client decrypts the TGTs and uses the key inside to send an asymmetrically encrypted message to the TGS. The TGS then gives the client a ticket and notifies the service providing service.
p575 CISSP 7th Edition: The KDC is the trusted third party that provides authentication, the TGT provides proof that the subject was authenticated through the KDC. Fixing answer, please provide sources as I have.

Key Distribution Center
The key distribution center (KDC) is the trusted third party that provides authentication services. Kerberos uses symmetric-key cryptography to authenticate clients to servers. All clients and servers are registered with the KDC, and it maintains the secret keys for all network members.

Kerberos Authentication Server
The authentication server hosts the functions of the KDC: a ticket-granting service (TGS), and an authentication service (AS). However, it is possible to host the ticket-granting service on another server. The authentication service verifies or rejects the authenticity and timeliness of tickets. This server is often called the KDC.

Ticket-Granting Ticket
A ticket-granting ticket (TGT) provides proof that a subject has authenticated through a KDC and is authorized to request tickets to access other objects. A TGT is encrypted and includes a symmetric key, an expiration time, and the user’s IP address. Subjects present the TGT when requesting tickets to access objects.
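
The exchange discussed in the comments above, as an added example that is not part of the original page: a toy KDC in Python that follows RFC 4120 in sealing the TGT under the TGS's key and the session key under the user's key. The principals, password, addresses, lifetimes and the seal/unseal helper (a SHA-256 keystream with HMAC, standing in for real Kerberos encryption types) are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption (illustration only, not a real Kerberos etype)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed principals: the KDC holds every member's long-term secret key.
KEYS = {"alice": hashlib.sha256(b"alice-password").digest(),
        "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}

def as_exchange(user, ip, now):
    """AS: issue a TGT (readable only by the TGS) plus the session key for the user."""
    sk = os.urandom(32).hex()
    tgt = seal(KEYS["krbtgt"], {"user": user, "key": sk, "exp": now + 600, "ip": ip})
    return tgt, seal(KEYS[user], {"key": sk})

def tgs_exchange(tgt, authenticator, service, ip, now):
    """TGS: validate the TGT and authenticator, then issue a service ticket."""
    t = unseal(KEYS["krbtgt"], tgt)
    if now > t["exp"] or ip != t["ip"]:
        raise ValueError("TGT expired or presented from another address")
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves knowledge of the session key
    if a["user"] != t["user"] or abs(now - a["ts"]) > 300:
        raise ValueError("bad authenticator")
    sk2 = os.urandom(32).hex()
    ticket = seal(KEYS[service], {"user": t["user"], "key": sk2, "exp": now + 300})
    return ticket, seal(bytes.fromhex(t["key"]), {"key": sk2})

def demo(now=None):
    """Run both exchanges; True if client and service end up sharing one session key."""
    now = int(time.time()) if now is None else now
    tgt, enc_sk = as_exchange("alice", "10.0.0.5", now)
    sk = bytes.fromhex(unseal(KEYS["alice"], enc_sk)["key"])  # needs alice's password
    auth = seal(sk, {"user": "alice", "ts": now})
    ticket, enc_sk2 = tgs_exchange(tgt, auth, "fileserver", "10.0.0.5", now)
    return unseal(KEYS["fileserver"], ticket)["key"] == unseal(sk, enc_sk2)["key"]
```

The client never opens the TGT itself; it only forwards it, and a TGT that is modified, expired or presented from a different address is rejected by `tgs_exchange`.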