Authenticates a user by any means or various means and gives a ticket. This ticket goes around
Satya - Monday, August 01, 2005 9:20:08 AM
User/Service communication
User wants to talk to service
User sends the details kdc
The details is locked and sent
kdc sends a locked box with server details to back to user
user sends that box to server
Both have session keys
They can talk to each other
annonymous - Monday, August 01, 2005 9:23:01 AM
Explain the double lock puzzle
Write this puzzle down
annonymous - Monday, August 01, 2005 9:25:16 AM
Session keys
Each conversation takes place in its own session.
annonymous - Monday, August 01, 2005 9:34:06 AM
GSSAPI
Does it have language bindings. There is a kerberos plugin for it
annonymous - Monday, August 01, 2005 9:39:52 AM
LDAp
Optimized for reads
Can use relational backends
openldap open source implementation
runs on linux
Secure authentication
Satya - Monday, August 01, 2005 9:41:49 AM
sasl
Simple authentication and security layer
Carnegie mellon
ldap supports sasl
Satya - Monday, August 01, 2005 9:50:11 AM
SSL and TLS
Netscape ldap going open source
tls is replacing ssl gradually
Satya - Monday, August 01, 2005 9:56:34 AM
Active directory
combination of ldap and kerberos
kerberos has built in replay attack safety
Authorization is integrated into ticketing
Satya - Monday, August 01, 2005 9:59:43 AM
Samba
provides file sharing for windows clients on unix boxes