Installing and Administering Internet Services

342 Chapter 11
Secure Internet Services
Overview of the Secure Environment and the Kerberos V5 Protocol
When users invoke one of the Secure Internet Services, they enter the
usual command along with any desired command options.
From a user’s perspective, using the Internet Services with the
Secure Internet Services mechanism enabled is virtually identical to
using them without the mechanism enabled. The only difference is
that the user is not prompted for a password. If the Kerberos V5
authentication and authorization succeed, the command succeeds and
the details are transparent to the user.
Although it is not visible to the user, more is going on.
3. When a user invokes a Secure Internet Service, the client contacts the ticket granting service (TGS) portion of the KDC. The client passes along to the TGS the TGT, the name of the application server (remote host), and an authenticator. The authenticator is a record containing information that can be shown to have been recently generated using the session key known only by the client and the server. The encrypted authenticator is generated from the session key that was sent with the credentials from the AS.

4. The TGS generates new credentials that both the server and client use to authenticate each other. The TGS sends back to the client a new session key, called the sub-session key, that is encrypted in the old session key. The TGS also sends back to the client a ticket, called a service ticket. The service ticket contains a copy of the sub-session key and is encrypted in the target server's secret key. The secret key is an encryption key shared by a principal and the KDC. These encrypted keys are stored in the KDC's principal database. A secret key has a relatively long lifetime compared to the relatively short lifetime of a session key.

   The same TGT can be used to obtain multiple service tickets.

5. The client then sends to the application server the service ticket and a new authenticator encrypted using the sub-session key. The application server decrypts the service ticket with its own secret key and extracts the sub-session key. This sub-session key is now a shared secret between the client and the application server.

6. At the client's request, the application server can also return to the client credentials encrypted in the sub-session key. This provides mutual authentication between the client and the application server. This optional Kerberos V5 mutual authentication step is performed in each of the Secure Internet Services.
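The following Python model walks through steps 3 to 6 with both sides of each exchange present. It is an added example written for this section, not code from the HP-UX Secure Internet Services product or from any Kerberos implementation. The principal names (the realm EXAMPLE.COM, the client alice, the service host/app.example.com), the message fields, the 300-second clock-skew limit and the hash-based toy cipher are all assumptions chosen for illustration; real Kerberos uses ASN.1-encoded messages and standard encryption types. The point it makes visible that the text does not: which key opens which message, why the server can read the ticket but the client cannot, and what the freshness and replay checks on an authenticator actually reject.

```python
"""Toy walk-through of the Kerberos V5 TGS exchange (steps 3-4) and AP exchange
(steps 5-6). Constructed example: layouts, names and cipher are illustrative only."""
import hashlib, hmac, json, os, time

REALM = "EXAMPLE.COM"     # assumed realm name
MAX_SKEW = 300            # assumed clock-skew limit for an authenticator, in seconds

def _keystream(key, nonce, n):
    """SHA-256 counter-mode keystream, a toy stand-in for a real block cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under key: nonce || ciphertext || tag."""
    plain, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag first, then decrypt; a wrong key or tampering fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_authenticator(auth, expected_client):
    # Binding and freshness checks that both the TGS and the application server apply.
    if auth["client"] != expected_client:
        raise PermissionError("authenticator names a different client")
    if abs(time.time() - auth["timestamp"]) > MAX_SKEW:
        raise PermissionError("authenticator is stale")

class KDC:
    """Principal database: long-lived secret keys shared with each principal."""
    def __init__(self):
        self.db = {"krbtgt/" + REALM: os.urandom(32), "host/app.example.com": os.urandom(32)}

    def as_exchange(self, client):
        """Outcome of the earlier AS exchange: a TGT and the session key it carries."""
        session_key = os.urandom(32)
        tgt = seal(self.db["krbtgt/" + REALM], {"client": client, "session_key": session_key.hex()})
        return tgt, session_key

    def tgs_exchange(self, tgt_blob, server, authenticator):
        # Step 3: the TGS opens the TGT with its own key, recovers the session key, and
        # uses it to verify the authenticator the client sent.
        tgt = unseal(self.db["krbtgt/" + REALM], tgt_blob)
        session_key = bytes.fromhex(tgt["session_key"])
        check_authenticator(unseal(session_key, authenticator), tgt["client"])
        # Step 4: a fresh sub-session key goes to the client under the old session key and
        # to the server inside a service ticket sealed with the server's secret key.
        sub_key = os.urandom(32)
        ticket = seal(self.db[server], {"client": tgt["client"], "sub_key": sub_key.hex(),
                                        "expires": time.time() + 3600})
        return seal(session_key, {"server": server, "sub_key": sub_key.hex()}), ticket

class AppServer:
    def __init__(self, name, secret_key):
        self.name, self.key, self.replay_cache = name, secret_key, set()

    def ap_exchange(self, ticket_blob, authenticator, mutual=True):
        # Step 5: only the server's secret key opens the ticket; the sub-session key inside
        # is the shared secret used to read the authenticator.
        ticket = unseal(self.key, ticket_blob)
        if ticket["expires"] < time.time():
            raise PermissionError("service ticket expired")
        sub_key = bytes.fromhex(ticket["sub_key"])
        auth = unseal(sub_key, authenticator)
        check_authenticator(auth, ticket["client"])
        if (auth["client"], auth["timestamp"]) in self.replay_cache:
            raise PermissionError("authenticator replayed")
        self.replay_cache.add((auth["client"], auth["timestamp"]))
        # Step 6: optional mutual authentication; echoing the client's timestamp under the
        # sub-session key proves the server really holds its own secret key.
        reply = seal(sub_key, {"server": self.name, "timestamp": auth["timestamp"]}) if mutual else None
        return sub_key, reply

def demo(client="alice", server="host/app.example.com"):
    """Run the flow from the client's side and report what the checks catch."""
    kdc, results = KDC(), {}
    app = AppServer(server, kdc.db[server])          # server knows only its own key
    tgt, session_key = kdc.as_exchange(client)
    auth = seal(session_key, {"client": client, "timestamp": time.time()})
    reply, ticket = kdc.tgs_exchange(tgt, server, auth)
    sub_key = bytes.fromhex(unseal(session_key, reply)["sub_key"])
    stamp = time.time()
    ap_auth = seal(sub_key, {"client": client, "timestamp": stamp})
    server_key, server_reply = app.ap_exchange(ticket, ap_auth, mutual=True)
    echoed = unseal(sub_key, server_reply)
    results["mutual_auth"] = server_key == sub_key and echoed["timestamp"] == stamp
    try:  # the same authenticator bytes presented twice: the replay cache rejects them
        app.ap_exchange(ticket, ap_auth)
        results["replay_rejected"] = False
    except PermissionError:
        results["replay_rejected"] = True
    return results
```

Note that the client never opens the service ticket: it only forwards it, and the sub-session key reaches the client separately under the old session key. The replay cache keyed on (client, timestamp) is what makes the authenticator single-use within the skew window; a real KDC and application server also check ticket flags, addresses and expiry, which the toy omits.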