Kerberos - authentication protocol
ฝัง
- เผยแพร่เมื่อ 28 ก.ย. 2024
- Please support my channel by becoming a Sunny Classroom member. Your support is much appreciated. / sunnyclassroom
At 4:30: A mistake: step 3: When the file server gets the token, it "decrypts" (not "encrypts") the token with the secret key shared with TGS.
In Greek mythology, Kerberos is a dog with three heads. But today I will not talk about the dog. Kerberos is an authentication protocol for client/server applications. I will demonstrate with an example how Kerberos works. Keep in mind, Kerberos implements private key encryption.
Playlist: Basic Cryptography
• Private Key Encryption...
Advanced Cryptography:
• What is digital signat...
Please leave comments, questions and
Please subscribe to my channel
Many thanks,
Sunny Classroom
I'm so happy I decided to study IT at a time when Sunny's videos exist.
Thanks!
Great explanation. Minor mistake was duly noted about decryption step between client and fileserver when decrypting the encrypted token granted by the Ticket Granting Server. Thanks!
Thanks! I was thinking the same thing, but wasn't sure. He says at 4:24 "When the file server gets the token, it ENCRYPTS the token", I think he means that it DECRYPTS the token. I had to play that back to make sure I heard what I heard, but if you noticed it too, then I think my gut was right and it's just a mistake in the video.
Great video! However, there were 2 mistakes:
1) At 2:26, the request is encrypted with a HASH of the clients password, not the clients actual password (because that would mean that the Authentication Server is storing the clients password in plaintext, which is NOT GOOD - it instead stores a hash of the clients password)
2) At 4:32, it should be "decrypts the token" instead of "encrypts the token", because it's already been encrypted.
Other than that, great explanation. Very easy to understand!
True...even i was a bit skeptical about the point 1....
sorry i am just trying to understand a bit better. can you explain how the request is encrypted with a hash of the client's password??
I think you're right in your first point about this being wrong, but I don't think you're correct either. The initial request to the AS is completely plaintext. Please do correct me if you think I'm wrong.
I agree that the _response_ (including the TGS session key etc) from the AS would be encrypted using the hash of the client's password.
@@sb_4 the initial request is the client providing their credentials so that they can be authenticated. Why would that be in plaintext lol. Anyone would be able to sniff the traffic and obtain their credentials that way
@@doomedpepper8109 Because they just send their username, not their password (nor hashed password). There is no need to authenticate, aside from the Authentication Server checking that the user exists, because of the fact that the user can only decrypt the first response from the AS if they know their password / hashed password.
WOW! after spending two hours of searching finally I got this. A very very clear video. Thanks for your efforts.
This the best explanation about Kerberos I saw on youtube. This is coming from a senior systems engineer. Keep up the good work.
Thank you very much!
instablaster...
Agreed!!!
I agree, best video ever about Kerberos Quick Explanation, thanks
That was truly brilliant, thanks for making this so easy to understand.
you are welcome. Thank you for leaving nice comment.
I really liked the visuals you provided. It really helped me understand the "three heads of Kerberos" (the three keys).
Cannot be explained more simpler than this!! Very good work!! Thanks for uploading..
Most welcome!
I learnt so much from your VDOs that I can not explain. I wish I could learn more that I need to learn from you. Thank you.
Happy to hear that!
Kerberos has been very difficult for me to comprehend, this helped so much. Thank you Sunny.
You're most welcome
Whenever I was not clear with any topic I will search for sunny videos in TH-cam..
Thank you very much. it means a lot to me.
Unbelievably good explanation. The best I've come across. Keep up the great work!
Thanks a lot.
Sunny, I am studying for my SY0-601. Kerberos had me completely baffled until I watched your video. Thank you SO MUCH!!
This just made more than a few Active Directory concepts I've been learning about in my cybersecurity studies click. Wonderfully simple and straightforward explanation!
This is the most useful breakdown of Kerberos I've found anywhere on the Internet. This is gold, thank you!
I also wanted to compliment your English language. You took your time and did fantastic pronouncing words. Awesome job!
Thank Sunny, I started watching your clips daily, they are so helpful and easy to understand as stated by everyone!
Wow great explanation best explanation on TH-cam
Many thanks.
No only on SONNY's Channel
I'm in a graduate course in networking and the explanation there was in the form of voluminous text explanation and a crappy graphic from Wikipedia (lame). This is a beautifully clear explanation that leaves no doubts in my mind about the process, or the objects/subjects involved - Thanks!
I paid for many udemy courses and books but this channel is the best. I wish he had some courses in udemy. This channel has very clean and on point explanation within mins. Other courses takes 20mins and you get even more confused..... Please create udemy courses!
I watched some videos on this topic but i was still confused but your explanation was very clear and easy to understand.. I’m so grateful thank you
Your explanation is genuinely very grasping and absorbing. Continue making more such videos
Precise and best explanation before watching this video it is y difficult for me to understand this topic but now it's crystal clear.
That's the clearest explanation of Kerberos that I've ever heard. Thank you, Sunny.
A great intro to Kerberos: short, simple and to the point - thx!
When I heard him talk I almost stopped the video but I am glad I didn't because he explains Keberos authentication very well
Thank you for watching! I appreciate it!
Dawg. You explained that so well in such simple terms. Thank you brother!
I just love the way you say "This is Sunny" haha!! Yeah!! Your explanation is too brilliant. Keep going!!!
This is truly the best explanation on Kerberos that I have seen. Very easy to understand. Thank you!
As a total newbie this helped me a lot. Thank you!
Thank you so much with the clear and consise explaination especially with the shared secret keys which i was confused about. Thank you once again sonny;
I just love your videos, you help me pass my A+ with you perfect explanation and graphics. I feel bad for not paying for your work. Please create some form of a Chanel or upload all these videos on Udemy. You will be a great help to so many students!!!
No better way to explain other than in very simple and straightforward & elaborative way..
Thats a very nice & precise high level explanation for Kerberos. Thank you .
You are welcome!
Sunny always the best. Every topic you cover, you give best shots. Thank you
There is also TGS SESSION KEY included at the first encounter as well as a HTTP SERVICE SESSION KEY at the second one, to ensure even more security
Victor Jozwicki I totally agree I think he said it wrong here, server should have decrypt it and encrypt it.
the best explanation, clear and straight to the point
Superb Explanation Sunny! All the rest I've seen was just confusing.
Another great video Sonny, Thanks!
You are welcome!
This is excellent explanation, thanks you so much for such a simple explanations. I was so confused before watching your video but now it is clear.
WoW .. Network subject is abstract for me, but your videos makes sense out of it. Thank You for your videos.
Quite informational. Wish I would have seen these videos during my collage days (long back)..
Many thanks for your nice comments. I hope my videos are helpful to those who just start studying networking and cyber security.
Sir you explain so well in detail i like your teaching style thank you so much
You are welcome!
Thank you Sunny for this wonderful explaination🤗
Thank you so much sunny sir to provide this video......with the help of this video I can write on examination paper very well.......so thank you so much
You are welcome!
Set the video speed to 1.25 and thank me later :) Nice explanation. Thanks a lot
Don't put unwanted comments, like speed. Slow learning is good for rememberence
sarathbab yes.. Sure you can use the slow learning approach.
I set it to 2x and it worked for me.
I remember better when I learn fast. If I learn slowly I get bored and lose track and forget everything. I watched lectures at 1x and 2x and then tried to write down what I remembered and had a much better recall when I watched at 2x.
@@adityamittal4357 probably because you already had watched it in 1x speed ;) lol
Your examples and explanations are fantastic.
Oh No, I'm here to hear you talk about the dog!
Hi sir first of all thank u for your video..I have one question is that the Token from TGS is encrypted with the new secret key ,then once files server receives the Token that will be "encrypted or de-crypted" from the file server with the shared key which has been sent by TGS? 4:29...
De-crypted it is. It was my mistake.
good catch
Even i was confused for a while! Thanks.
Not gonna lie, I usually avoid all video explanations with a presenter that has a strong accent, it really throws me off. I know it's really just my problem because everyone else doesn't seem to have an issue with it except me. The hardest for me are the ones with Indian accents, just can't do it. Anyways, for the longest time I would see the Sunny classroom videos and just ignore them, but the comments were always so positive I decided to give him a try and boy am I glad that I did. Even with the accent, you have such a great way of explaining things, you really make complex subjects easy to understand which is what a good teacher does. Thank you for making the videos!
Thank you very much, Moises, for your nice and encouraging words. I will do my best! I wish I could speak English better. Many thanks!
Moises, I have a remediation for you. You need to either go to India and learn English in their accents. Secondly try the same to practice with Indian people without going there. I have seen many of my American friends they understand Chinese or Indian accents 100%. It needs some patience, which we had to learn English.
Спасибо, Санни! Очень наглядно, просто и без лишней информации.
THE WAY YOU BREAKS THINGS DOWN MAKES ME BELIEVE YOU ARE THE GREATEST HUMAN BEING LIVING ON EARTH TO THIS DAY.
THANK YOU SIR
You are welcome!
This is really great you just simplified a complex topic for me
Great explanation @Sunny. I was wondering if you would do a quick video on keytabs and principals and why and how are they used. Where are they generated, where are they stored, how they help in automation etc.
Best teacher.. Respect from nepal 🇳🇵🇳🇵
Many thanks!
Great video explanation! It really make you remember and understand the concept of Kerberos! Thanks a lot!
Very nice explanation. Thank you!
Nicely done sir. Wish if you were our lecturer
Thank you very much, sir!
The way of explanation is very good and explanation with practical is so awesome ❣️😇 so i wanna request you to make these notes and upload any your particular website so student able to download your notes and it's could be save time for us 😇❣️🥺thank you so much sir keep it up 🥺❣️
Very Good Explanation about Kerberos, Thank you Sunny.
Many thanks for your encouragement. I will do my best. I hope my videos are helpful.
Extraordinary explanation ever!!!!👌👌👌
I love you man. I never saw such a great explaination.
Just amazing explanation... this is indeed the best video on the topic.. please continue the good work
Very simple but clear explanation, thank you!
perfect animation make the process really easy to understand
Very good and Simple explanation. Thank you.
you are welcome, Tedshhh
love your vids, you always have the best explanations. Thank you :)
I finally understand the concept completely!
Great!
Thank you very much professor Sunny.
Super sunny Great Simple ,effective and throwing detail in short video keep it up
This was super easy to follow and understand, thank you very much!
Best explanation ever. Thank you so much!
Best explanation ever about Kerberos..wow! Thanks a lot.
Im pretty sure there is a small error here. In step 3 the client will decrypt the token, not encrypt since its already encrypted by the TGS according to the video. Thanks again though sunny good video
@Sunny Classroom, there is a mistake in Step 3. You said the file server "encrypts" with the shared key from TGS wheareas you should have said "decrypts", or what?
I think it should be "decrypts".
I was thinking the same
Thank you so much for the great explanation!
Literally the best explanation!!
Nice. Thank you! If you can't explain it in layman terms then you don't understand it enough👌👌👌
Thank you professor, Sunny. You are the best.
Thank you so much!.. I always enjoy your videos and beautiful explanations!
Wow superb simple way explanation tq u so much
So simple and easy to understand. Thanks for the upload
the legendary sunny!!
Thank you for watching!
I like this short explanantion for a start👍.
Very good and simple explanation
Thanks for the great explanation
My pleasure!
Thanks for the clear explanation sir.
It was really a great explanatory video on Kerberos.
best video for Kerberos . Thanks
So nice of you
thank you so much you explanation is very easy to understand its very helpful
You are welcome, Ragh!
Great Explanation. Thanks for sharing the video. it's really very helpful :)
very clear explanation, thank u for sharing
Truly a great explanation! Thanks a lot
You are welcome, uncle Sam!
It's awesome sir great job truly I say ur explanation is very easy to understand. Thnx
Very clear explanation thank you
You are welcome!
Awesome video, thank you so much!
My pleasure!
Sunny thanks for the video. Now understand the internals of KDC. Can you explain the below
1. Who is the client here? When I try to access a website, can I be the client? If so how the AS gets my password in the first place?
2. Also public key encryption not used in the whole explanation. I do see a private key within KDC shared between AS & TGS which I understand, since there is only AS and one TGS in this diagram it is easy to share between them. However I do see a private key shared between TGS and the File Sever which is an outside entity and can be many? How does the TGS & the File Server in the first place get to know the shared secret key? Also this leads to the question if the TGS is serving, let us assume 10000 File servers, then it should have 10000 secret keys in its possession - is my assumption correct?
3. The main use of public key encryption is to reduce the explosion of the number of private keys. But I am not seeing any public key encryption here? - Can you please explain where public key encryption come into picture in the usage of Kerberos?
Please let me know.
great questions.
1) Kerberos is the internal system provided for internal users. Like you try to login to your company's or college's server. It is not a public website. Thus, you, as a client, have login information in the KCD system.
2) the Kerberos system uses private keys (3 pairs) to make sure you are a legitimate user. Here we do not focus on public-key encryption for your request. Thus this system would work with other encryption algorithms. However, when you make a request, private keys are used only. How do they know each other's private keys? Good question. We configure these private keys when we set up the Kerberos. Thus, they already know each other private keys.
3) When the public key is used in this scenario? Before the file server(s) send your file, you and the file server would exchange keys (handshake), then your conversations would be encrypted. by the way, if you have 1000 file servers, you probably need a device called "load balancer" which would act like a proxy, so that you do not have use 1000 private keys. I hope I answer all your questions.
Many thanks for your great questions.
@@sunnyclassroom24 Sunny yes, you answered my question. The moment you said Kerberos is for internal authentication, I got a clear picture of the whole security architecture of your example. Also now you have made me to think the need to use public key in this kind of internal situation, I will ready about load balancer, and hope will understand that. By the way do you have tutor for load balancer?
@@bkbk4726 not yet. I am glad I answered your questions.
Very informative. Thanks for your efforts. It would be very helpful if you could take an example and explain it in detail. That way, things would be crystal clear :)
Good explanation, and the visual helped.
Thanks a lot
Great lecture! Thanks
Thank you and you are welcome!
You're the best Sunny! Your students are lucky to have you. Please let me know if you ever come to London. Lunch on me :)
Thanks a lot. I will call you when I go to London :)
This was an awesome Explanation
I guess one mistake there at step 3. The file server actually DECRYPTS the token with shared key between TGS and itself, in order to allow the access to the user. The video actually incorrectly says 'encrypt'
you are correct. I made corrections below the video. Thank you very much for pointing it out.
I didn't understand the last part where file server receives the token from the client. I understand that this token is encrypted with secret key between file server and TGS. However, there should be a validation process where file server asks TGS whether the token is valid and description of details such as client name and validity of token.
I don't see that step here. Is it omitted or have I mistaken somewhere?
Great explanation
Glad you liked it