70 likes | 335 Views
Kerberos Authentication for Multi-organization. Cross-Realm Kerberos Authentication. User sent request to local Authentication Server Local AS shares cross-realm key to verifier's authentication server(VAS) Local AS sent TGT to client User request a session key with his/her TGT
E N D
Cross-Realm Kerberos Authentication • User sent request to local Authentication Server • Local AS shares cross-realm key to verifier's authentication server(VAS) • Local AS sent TGT to client • User request a session key with his/her TGT • VAS Lookup the cross-realm key • The VAS grant client with the session key
Authorization with Kerberos • Kerberos does not itself provide authorization, but V5 Kerberos passes authorization information generated by other services. In this manner, Kerberos can be used as a base for building separate distributed authorization services. (implement in the future)