kerberos协议
Kerberos was developed at MIT in 1998s. It was named after the three-headed watchdog in classical Greek mythology that guards the gates to Hades. The name is apt because Kerberos is a three-way process, depending on a thrid-party service called the Key distribution center(KDC)to verify one computer's identity to another and to set up encryption keys for a secure connection between them. Basically, kerberos works because each computer shares a secret with the KDC, which has two components: a Kerberos authentication server and a ticket-granting server. If KDC doesn't know the requested target server, it refers the authentication transaction to another KDC that does. Kerberos is a network authentication protocol that allows one computer to prove its identity to another across an insecure network through an exchange of encrypted messages. Once identity is verified, kerberos provides the two computer with encryption keys for a secure communication session. Kerberos authenticates the identity and encrypts their communications through secret-key cryptography. kerberos协议是80年代由MIT开发的一种协议。其命名是根据希腊神话中守卫冥王大门的长有三头的看门狗做的。定名是贴切的,因为KERBEROS是一个三路处理方法,根据称为密匙分配中心(KDC)的第三方服务来验证计算机相互的身份,并建立密匙以保证计算机间安全连接。KERBEROS协议基本上是可行的,因为每台计算机分享KDC一个秘密,KDC有两个部件:一个KEBEROS 认证服务器和一个授票服务器。如果KDC不知请求的目标服务器,则求助于另一个KDC完成认证交易。KERBEROS 是一种网络认证协议,允许一台计算机通过交换加密消息在整个非安全网络上与另一台计算机互相证明身份。一旦身份得到验证,KERBEROS协议给这两台计算机提供密匙,以进行安全通讯对话。KERBEROS 协议认证试图等录上网用户的身份,并通过使用密匙密码为用户间的通信加密。 |