3. Alice now has a session key for talking with the TGS and
a TGT. She then uses the former for requesting a new
ticket for accessing B; she includes the TGT in the request.
4. The TGS verifies the content of the TGT using its own
key and then applies authorization logic on Alice's account.
If it turns out that Alice has the right to access B, it
sends back the following data fragments:
- A new symmetric session key intended for communications
between Alice and B. Such a key will be
encrypted with the Alice-TGS session key.
- The same new symmetric key, this time encrypted
with the secret key of B. This is the client/server ticket
that Alice will attach to communications with B.
5. Finally, Alice is in the position of authenticating herself
with B. She will send a communication to B using the
symmetric session key acquired in the former step, and
she will attach the ticket she just obtained for B.
6. B will verify the content of the ticket presented by Alice,
and if it can provide the requested service, it will start its
session with Alice.
The process is summarized in Figure 1-16.
The preceding sequence purposefully ignores many details,
including the clever usage of timestamps for keeping the protocol
safe from replay attacks and other abuses.
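Steps 3 to 6 as an added example, not taken from the book: seal/unseal are a stand-in for Kerberos encryption built from HMAC-SHA256, and the function names, JSON fields, access list and the client name stored inside the ticket are assumptions made for illustration. Timestamps are left out, as in the sequence above.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Stand-in authenticated encryption (not a real Kerberos enctype)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def tgs_issue(k_tgs, k_b, tgt, service, acl):
    """Step 4: verify the TGT with the TGS's own key, authorize, return both fragments."""
    t = unseal(k_tgs, tgt)
    if (t["client"], service) not in acl:
        raise PermissionError(f"{t['client']} may not access {service}")
    k_ab = os.urandom(32).hex()  # new Alice-B session key
    for_alice = seal(bytes.fromhex(t["session_key"]), {"key": k_ab})
    ticket = seal(k_b, {"key": k_ab, "client": t["client"]})  # client name: assumption
    return for_alice, ticket

def service_accept(k_b, ticket, request):
    """Step 6: B opens the ticket with its secret key, then the request with the key inside."""
    t = unseal(k_b, ticket)
    msg = unseal(bytes.fromhex(t["key"]), request)
    if msg["client"] != t["client"]:
        raise PermissionError("request does not match ticket")
    return msg

def demo():
    k_tgs, k_b, k_a_tgs = os.urandom(32), os.urandom(32), os.urandom(32)
    # Constructed TGT standing in for the output of the earlier steps.
    tgt = seal(k_tgs, {"client": "alice", "session_key": k_a_tgs.hex()})
    for_alice, ticket = tgs_issue(k_tgs, k_b, tgt, "B", {("alice", "B")})  # steps 3-4
    k_ab = bytes.fromhex(unseal(k_a_tgs, for_alice)["key"])  # Alice recovers the key
    request = seal(k_ab, {"client": "alice", "op": "hello"})  # step 5
    return service_accept(k_b, ticket, request)
```

Alice never holds B's secret key, so the ticket is opaque to her; she only forwards it alongside a request sealed with the session key she recovered from the first fragment.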