PreviousNext

Components of the Secure Environment

The security server, which is the trusted host to which security clients authenticate themselves, is referred to as the Key Distribution Center (KDC). The DCE Security Service fulfills the role of the KDC.

Security clients are hosts that run the secure remote utility clients and daemons. Security clients communicate with the security server for authentication. The two types of security clients are application clients and application servers.

Application clients can run the secure remote utilities rcp, rlogin, and rsh. The Kerberos utilities kinit, klist, and kdestroy also run on the application client. In some cases, an application client is referred to as a local host.

Application servers can run the secure remote utility daemons rlogind and rshd. In some cases, an application server is referred to as a remote host.

The secure remote utility takes the following steps to be authenticated by the KDC:

1. The user first issues the kinit or dce_login command to the KDC and obtains a ticket-granting ticket (TGT) from the authentication server (AS) portion of the KDC.

2. When the user invokes one of the secure remote utilities, the client requests a service ticket from the ticket granting server (TGS) portion of the KDC. As part of the request, the client sends to the TGS the acquired TGT, the name of the application server (remote host), and an encrypted authenticator.

The same TGT can be used to acquire multiple service tickets.

3. The TGS generates new credentials that both the server and client use to authenticate each other. Included in the TGS credentials is a subsession key, which is a new key that is an encrypted form of the old session key that the client sent to the TGS. Also, the TGS sends the requested service ticket to the client. This ticket holds a copy of the subsession key and an encrypted form of the target server's secret key.

4. The client sends to the application server the service ticket and a new authenticator that is encrypted with the subsession key. The application server decrypts the service ticket with its own secret key and extracts the subsession key. This subsession key is now a shared secret between the client and the application server.

5. At the client's request, the application server can also return to the client credentials encrypted in the subsession key. This implies a mutual authentication between the client and the application server. This optional Kerberos V5 mutual authentication step is performed in each of the secure remote utilities.