[3303] in Kerberos


Re: Secure telnet session

daemon@ATHENA.MIT.EDU (wwatson@danaan.MIT.EDU)
Fri May 20 01:14:49 1994

To: kerberos@MIT.EDU
Date: 17 May 94 15:44:31
From: wwatson@danaan.MIT.EDU
Reply-To: wwatson@danaan.MIT.EDU

While it's possible to explain it in plain English, it's not simple.
First, a Kerberos server has to exist and know about you and the host you want to talk to. Second, a kerberized telnet has to replace the telnet on both your machine and the host you want to talk to. If all this is in place (no small task), a kerberized telnet session happens as follows:

1. You run kinit, which asks the Kerberos server if it knows about you.

2. The Kerberos server will ask you for a password.

3. If the KDC (Kerberos server) knows you and you get your password right, the KDC will give you a Ticket Granting Ticket, i.e. permission to ask for tickets to talk to a kerberized application (telnet).

4. You telnet to the host. telnet on your machine goes to the KDC and asks for a unique key for this telnet session.

5. The KDC gives you a session key.

6. telnet contacts the host you want to talk to and says "I want to talk to you. The KDC (whom you trust above all others in the world) says I'm Ok and here is our shared session key." 

7. The host says Ok, stashes the session key so it knows how to decrypt the information you send and gives you a login.

8. You log in and do whatever you need. Any information that you send or receive is encrypted and decrypted based on the session key. When you log out, the session key is no longer valid. If you need to telnet again, steps 1-7 happen all over again with a new and different session key.

This is all a very high level of process explanation. Please, no flaming over specific implementation details. I'll gladly answer those, but that is outside of the scope of the poster's question.

will.watson@mccaw.com
"Just because you are paranoid does not mean that they 
are not out to get you"
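
Added example, not part of the original post: a Python sketch of steps 4-7 above, showing how the host can learn the session key from a ticket sealed under its own key without ever talking to the KDC. The seal/unseal toy cipher, the class, function and principal names are assumptions for illustration; the user's key stands in for what kinit obtained in steps 1-3, and real Kerberos uses its own encryption types and message formats.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy keystream from SHA-256 in counter mode (a stand-in, not Kerberos's cipher).
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, obj):
    # Encrypt-then-MAC a JSON object under `key`.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, keys):
        self.keys = keys  # long-term keys of every user and host the KDC knows
    def issue(self, user, host, lifetime=300):
        # Steps 4-5: fresh session key; one copy for the user, one inside the host's ticket.
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[host], {"user": user, "sk": sk, "exp": time.time() + lifetime})
        return seal(self.keys[user], {"host": host, "sk": sk}), ticket

def client_request(user_key, reply, user):
    # Step 6: recover the session key, prove possession with a timestamped authenticator.
    sk = bytes.fromhex(unseal(user_key, reply)["sk"])
    return sk, seal(sk, {"user": user, "ts": time.time()})

def host_accept(host_key, ticket, authenticator, skew=300):
    # Step 7: only the host's key opens the ticket; the authenticator must match it.
    t = unseal(host_key, ticket)
    sk = bytes.fromhex(t["sk"])
    a = unseal(sk, authenticator)
    if a["user"] != t["user"] or t["exp"] < time.time() or abs(time.time() - a["ts"]) > skew:
        raise ValueError("ticket expired or authenticator mismatch")
    return t["user"], sk

def demo():
    # Constructed principals and random keys, for illustration only.
    keys = {n: os.urandom(32) for n in ("alice", "telnet/hostA", "telnet/hostB")}
    reply, ticket = KDC(keys).issue("alice", "telnet/hostA")
    sk, auth = client_request(keys["alice"], reply, "alice")
    return keys, ticket, auth, sk
```

A ticket presented to the wrong host, or altered in transit, fails the integrity check in unseal, so the host rejects it before any login is offered.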
