Active Directory Authentication

Question 1

What is the default authentication method for windows networks

Answer 1

Kerberos

Question 2

What are tickets?

Answer 2

Proof of prior authentication used to authenticate to services

Question 3

What is KDC and where does it run?

Answer 3

Key Distribution Center
Domain Controller responsible for generating tickets

Question 4

What is a TGT and what is it used for?

Answer 4

Ticket Generating Ticket
Used for requesting additional tickets to access specific services

Question 5

Why do we use TGTs?

Answer 5

So user authentication doesn’t have to be passed for each authentication

Question 6

TGT request: What does the user send the KDC

Answer 6

Username and a time stamp that is encrypted using a user-password based hash

Question 7

TGT request: What does the KDC send the client?

Answer 7

A TGT encrypted using the krbtgt account-password based hash and a session key encrypted with the users password-based hash

Question 8

TGS request: What does the user send the KDC?

Answer 8

Username & timestamp encrypted with the user’s session key ( rec’d from krbtgt), the TGT (rec’d from krbtgt) and an SPN

Question 9

What is an SPN?

Answer 9

Service Principal Name
Sent by the client to request a specific service as part of a TSG request

Question 10

TSG request: What does the KDC send the client?

Answer 10

A TSG encrypted by the Service Owner’s hash and a Service Session Key which is then decrypted by the Client’s Session Key

Question 11

What happens as part of the client’s service authentication request?

Answer 11

The client sends its username and time stamp encrypted by its service session key and TSG, which is then decrypted by the Service owner hash.