Kerberos协议的实现.ppt

* 3.2 Flag标志： FORWARDABLE FORWARDED 告诉TGS，根据这个TGT，发出一个地址不同的新ticket FORWARDED表明这个ticket是一个forwarded ticket 其实也是proxy的一种情形 可以完全代替客户的身份 一个用途 在跨域认证的时候，客户可以把这样的ticket出示给其他域的TGS，这使得客户可以访问其他域的服务器 * 3.2 客户端程序kpasswd 修改口令 shell% kpasswd Old password for david: - Type your old password. New Password for david: - Type your new password. Verifying, please re-enter New Password for david: - Type the new password again. Password changed. shell% 该口令受到 安全策略的保护 * 3.3 Kerberos应用: telnet shell% telnet Trying ... Connected to . Escape character is ^]. ? NetBSD/i386 (daffodil) (ttyp3) ? login: david Password: - david types his password here Last login: Fri Jun 21 17:13:11 from Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. ? NetBSD 1.1: Tue May 21 00:31:42 EDT 1996 ? Welcome to NetBSD! shell% * 3.3 Kerberos应用: rlogin shell% rlogin -l david Password: - david types his password here Last login: Fri Jun 21 10:36:32 from :0.0 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. ? NetBSD 1.1: Tue May 21 00:31:42 EDT 1996 ? Welcome to NetBSD! shell% * 3.3 Kerberos应用: ftp shell% ftp Connected to . 220 FTP server (Version 5.60) ready. 334 Using authentication type GSSAPI; ADAT must follow GSSAPI accepted as authentication type GSSAPI authentication succeeded Name (:jennifer): 232 GSSAPI user jennifer@ATHENA.MIT.EDU is authorized as jennifer 230 User jennifer logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp protect private 200 Protection level set to Private. ftp cd ~jennifer/MAIL 250 CWD command successful. ftp get RMAIL 227 Entering Passive Mode (128,0,0,5,16,49) 150 Opening BINARY mode data connection for RMAIL (361662 bytes). 226 Transfer complete. 361662 bytes received in 2.5 seconds (1.4e+02 Kbytes/s) ftp quit shell% * 3.3 其他Kerberos命令 kdestroy rsh ksu rcp * 3.4 Ker