views:

411

answers:

1

Why does Kerberos authentication use T125 protocol? I believe Kerberos authentication behaves this way:

  • Client asks for a ticket to the Kerberos authority
  • The Kerberos authority provides a Ticket to the client
  • The Client tries to authenticate towards a Server and sends to the server this Ticket.
  • The Server verifies the Ticket is OK with the Kerberos Authority, and authenticates the Client.

Now, where, in this process, is used T125 and why?
And does the Client send the Ticket any time it tries to access (e.g: for each HTTP GET page) to the Server and the Server checks this Ticket any time, or is it just once at the beginning of the "conversation"?

Thank you!

+2  A: 

Not familiar with T125, but your Kerberos flow is off a little.
Roughly:

  1. User authenticates to KDC (Kerberos authority)
  2. KDC grants user a TGT (ticket granting ticket)
  3. user tries to access server
  4. Server demands server ticket, sends user some info (to identify the server)
  5. user asks KDC for ticket for server, sends TGT and server info
  6. KDC issues server ticket to user
  7. User submits server ticket to user on every access.

I know I didnt directly answer your T125 question, but I hope this helped anyway.

AviD
I did a little research and couldnt find anything t125 to do with Kerberos. Where did you get that bit from?
AviD
While checking some traces I had T125 traffic that seems to be part of the Kerberos authentication... I'm not sure, though, and you're maybe right that Kerberos doesn't use it :-)
Layla
Curious, did you figure out what the T125 was?
AviD