naresh

• Jul 24th, 2005

 

what is the differnce between the terminal service and vncsoftware

vasugr

 Profile Answers by vasugr 

• Oct 18th, 2005

 

it is an authentications protocol.

deven.pawar

 Profile Answers by deven.pawar Questions by deven.pawar

• Jul 18th, 2007

 

Kerberous Protocol is used for an auntehentication.
kerberous keep one copy of authentication list to itself and one copy remain to a
Server. Even if a server down then through Kerberos protocol that user can log on to server.

Kerberos is designed to address the problem of authentication in a network of slightly trusted client systems. By slightly trusted, I mean that the servers will not simply take the client's word that a particular user has logged in. On the other hand, some level of trust is implicit; the clients are expected not to steal the user's passwords themselves.

KG

• Oct 16th, 2007

 

Kerberos is a network authentication protocol which allows individuals communicating over an insecure network to authenticate to themselves in a secure manner.Kerberos makes use of the Key Distribution Center (KDC) which consists of two logically separate parts -1. an Authentication Server (AS)2. a Ticket Granting Server (TGS)Kerberos works on the basis of tickets which serve to prove the identities of users.The KDC maintains the db of secret keys. Each entity on the network - whether a client or a server - shares a secret key which is known only to itself and to the KDC. Knowledge of this key serves to prove the entity's identity. For communication between the two entities, the KDC generates a session key which they use to secure the interactions.However, there are certain drawbacks to Kerberos.a. Kerberos requires continuous availability of a central server. When the Kerberos server is down, no one can log on. This issue can be resolved by using multiple Kerberos servers.b. Kerberos requires the clock of the involved hosts to be synchronized. This is important because the tickets have time availability period and if the host clock is not synchronized with the clock of Kerberos server, the authentication with fail. For this, NTP daemons are used to keep the host clocks synchronized. Password changing is not standardized and differs between server implementations.Thanks.

puneet chawla

• Nov 4th, 2007

 

KC comment is correct.Apart from KC comment the error message that comes on the client of an AD is that Domain Controller is unavailable when Kerberos Authentication server(AD) is down.