2. Acronyms Introduction
• AS – Authentication Server
• TGS – Ticket Granting Server
• TGT – Ticket Granting Ticket
• (Encrypted Item)Key – the item in brackets, encrypted by the key written after it
• Kc – Client key
• Kf – File server key
• Kdc – Kerberos distribution centre key
• S1(<>Kdc), S2(<>Kf) – Session keys
[Diagram: Client, Kerberos Distribution Centre, HDFS Resource (storage)]
3. [Diagram: Client (abc, Kc); Kerberos Data Centre (table User Name | Data(Kc): abc | @#$$%; keys Kdc, Kc, Kf; AS, TGS); HDFS (Resource; Kf)]
Kdc – Kerberos DC key, Kc – client key, Kf – file server (HDFS) key: these are local secret keys which never travel over the network.
S1 & S2 – session keys which travel over the network.
[Diagram message labels:]
• (TGT Req)Kc
• {(TGT)Kdc + S1}Kc
• [AUTH.obj + (TGT)Kdc + Acc Req]S1
• TGT intact -> Process Req
• {(Service TKT)Kf + S2}S1
• (ServiceTKT)Kf + AUTH.obj + S2
• ServiceTKT intact, req OK
• Send ACK – access granted
• User AUTH ok
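The exchange on this slide, written out as an added Python sketch (not part of the original deck): seal(key, obj) plays the slide's (obj)key notation using a toy SHA-256 keystream plus HMAC instead of Kerberos' real ciphers, and all key values, field names and function names are constructed. It assumes the TGT travels beside the S1-sealed authenticator (the TGS needs the TGT to recover S1) and that the authenticator sent to HDFS is sealed under S2 rather than S2 being sent itself.

```python
import hashlib, hmac, json, os

KC, KDC, KF = (os.urandom(32) for _ in range(3))  # constructed long-term keys; never sent

def _xor(key, nonce, data):
    # Toy SHA-256 counter keystream, for illustration only (not Kerberos' real ciphers).
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """(obj)key in the slide's notation: encrypt, then append an HMAC tag."""
    nonce = os.urandom(16)
    body = nonce + _xor(key, nonce, json.dumps(obj).encode())
    return (body + hmac.new(key, body, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    body, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("not intact: wrong key or modified in transit")
    return json.loads(_xor(key, body[:16], body[16:]))

def as_issue(req):                               # Authentication Server
    user = unseal(KC, req)["user"]               # (TGT Req)Kc opens -> User AUTH ok
    s1 = os.urandom(32).hex()
    return seal(KC, {"tgt": seal(KDC, {"user": user, "s1": s1}), "s1": s1})

def tgs_issue(tgt, req):                         # Ticket Granting Server
    t = unseal(KDC, tgt)                         # TGT intact -> process request
    s1 = bytes.fromhex(t["s1"])
    if unseal(s1, req)["auth"] != t["user"]:
        raise ValueError("authenticator does not match TGT")
    s2 = os.urandom(32).hex()
    return seal(s1, {"tkt": seal(KF, {"user": t["user"], "s2": s2}), "s2": s2})

def hdfs_access(tkt, auth):                      # file server (HDFS)
    t = unseal(KF, tkt)                          # ServiceTKT intact
    return unseal(bytes.fromhex(t["s2"]), auth)["auth"] == t["user"]  # ACK

def client_flow(kc, tamper=False):
    r1 = unseal(kc, as_issue(seal(kc, {"user": "abc"})))
    s1 = bytes.fromhex(r1["s1"])
    r2 = unseal(s1, tgs_issue(r1["tgt"], seal(s1, {"auth": "abc", "want": "hdfs"})))
    tkt = r2["tkt"]
    if tamper:                                   # corrupt one ciphertext byte of the ticket
        tkt = tkt[:40] + ("0" if tkt[40] != "0" else "1") + tkt[41:]
    return hdfs_access(tkt, seal(bytes.fromhex(r2["s2"]), {"auth": "abc"}))
```

client_flow(KC) returns True; a client holding the wrong Kc, or a service ticket altered in transit, raises ValueError at the party that fails to unseal it.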