Purpose of Server Public/Private Key??
From: "Jake Mudau" <someone@someplace.com>
Date: Fri, 11 Jul 2003 02:36:19 +0200
Message-ID: <bel0ne$oim$1@ctb-nnrp2.saix.net>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
Hi, I am new to Kerberos and would appreciate some help understanding some basics:
What is the purpose of having a server public/private key architecture? I
mean, when a user needs to be authenticated, the following is quite
sufficient [or is it :)]:
1. UserID passed in plain-text to server;
2. Server submits an encrypted "challenge"-plus-unique-session_id with the
user's password back to client;
3. Client decrypts challenge from server with password and conducts
pre-defined scrambling (not encrypting) of plain-text;
4. Client encrypts scrambled plain-text with unique session_id and sends
back to server;
5. Server decrypts with previously sent unique session_id and confirms
correctness of scrambled challenge. If ok, client authenticated and new
session_id passed for rest of the client's operations.
Each client is given its own unique session_id and the server knows which
client it is by the session_id.
Can someone please help me understand why we then need server private and
public keys (and why they have to travel as part of the authenticator)?
Many thanks
JM
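The five-step exchange the post sketches, as an added Python example that is not from the post and is not Kerberos code; because the post leaves them unspecified, it assumes a PBKDF2-stretched password key, an HMAC-SHA256 keystream XOR as the "encrypt" operation and byte reversal as the "pre-defined scrambling":

```python
import hashlib
import hmac
import os

# Constructed toy primitives standing in for the post's unspecified "encrypt"
# and "scramble" operations; none of this is Kerberos code.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):  # one HMAC output per 32-byte block
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce, so repeated messages never reuse keystream
    return nonce + _xor_stream(key, nonce, data)

def decrypt(key: bytes, msg: bytes) -> bytes:
    return _xor_stream(key, msg[:16], msg[16:])

def password_key(password: str) -> bytes:
    # Assumed: the "password" used as a key is first stretched with PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

def scramble(data: bytes) -> bytes:
    """The post's 'pre-defined scrambling', assumed here to be byte reversal."""
    return data[::-1]

class Server:
    def __init__(self, users: dict):
        self.users = users   # constructed store: user_id -> password
        self.pending = {}    # user_id -> (challenge, session_id) awaiting step 5
    def step2(self, user_id: str) -> bytes:
        # Step 1 (plaintext UserID) received; reply as in step 2 of the post.
        challenge, session_id = os.urandom(16), os.urandom(16)
        self.pending[user_id] = (challenge, session_id)
        return encrypt(password_key(self.users[user_id]), challenge + session_id)
    def step5(self, user_id: str, response: bytes) -> bool:
        challenge, session_id = self.pending.pop(user_id)
        return hmac.compare_digest(decrypt(session_id, response), scramble(challenge))

def client_steps_3_4(password: str, msg: bytes) -> bytes:
    plain = decrypt(password_key(password), msg)        # step 3: decrypt with password
    challenge, session_id = plain[:16], plain[16:]
    return encrypt(session_id, scramble(challenge))     # step 4: encrypt with session_id

def run_exchange(server: Server, user_id: str, password: str) -> bool:
    # Drive the whole exchange; True only if the client knew the password.
    response = client_steps_3_4(password, server.step2(user_id))
    return server.step5(user_id, response)
```

With the wrong password the client recovers a garbage session_id, so the step-5 comparison fails; the exchange therefore proves knowledge of the shared password only.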
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos