MicroNugget: How Kerberos Works in Windows Active Directory | CBT Nuggets
Рет қаралды 389,232
Күн бұрынStart learning cybersecurity with CBT Nuggets. courses.cbt.gg...
In this video, CBT Nuggets trainer Don Jones walks through how Kerberos works in Active Directory for Windows networks. Learn more about what Kerberos is and how it works with this MicroNugget video from CBT Nuggets.
Kerberos is the native authentication protocol in Active Directory. It's used by Windows networks everywhere. Understanding Active Directory’s more advanced concepts, like delegation, depends on understanding what’s happening under the hood in Kerberos.
Any time authentication is necessary, there are three players: the client making the request, the file server that contains the information, and the KDC or Key Distribution Controller.
In Kerberos, there’s no communication between the file server and the KDC. Because the client takes on the majority of the processing burden. That distributes the authentication workload across the network, securely.
First, the client constructs an authenticator, a package that establishes who the client claims to be, along with the date & time. These authenticators, and the tickets that will follow, have a limited lifespan.
Watch and see how the authenticator gets processed by the KDC, where the ticket-generating ticket (TGT) is stored on the client's machine, and how that TGT grants it access to various resources.
0:25: 3 different parties in authentication
1:25: What happens when a client attempts a secure log-in
3:10: A ticket-granting-ticket (TGT)
5:00: When a ticket is generated by the KDC
5:30: When a client sends a request to a file server
6:50: Overview
🌐 Download the Free Ultimate Networking Cert Guide: blog.cbt.gg/g8ch
⬇️ 13-Week Study Plan: CCNA (200-301): blog.cbt.gg/b41w
Start learning with CBT Nuggets:
• All Windows Server 2008 | courses.cbt.gg...
• Microsoft Server 2019 Essentials | courses.cbt.gg...
• Microsoft Windows Server 2016 Identities (70-742) | courses.cbt.gg...
@fabriceniclot4262 9 жыл бұрын
the best explanation of kerberos I have ever seen! Thank you.
@nonsougwu8040 7 жыл бұрын
I concur!!!
@thearavind451 6 жыл бұрын
About to comment the same
@LundeSite 5 жыл бұрын
@@nonsougwu8040 hear! hear!
@lankasiriya 5 жыл бұрын
yes. it is. same for me.
@Wildguy6664 5 жыл бұрын
And the simplest.
@michaelboyd9183 Жыл бұрын
I must have watched half a dozen different videos over the last two days trying to wrap my head around Kerberos. Not a single other video mentioned the Kerberos Tray, or the CLI tool for the end user. This is BY FAR the BEST explanation I have found, bar none!! Fantastic job!!!
@cbtnuggets 11 жыл бұрын
We are glad you enjoyed this MicroNugget Joe!
@stevenkim6869 5 жыл бұрын
if every concept in computing and computer networking was taught as kerberos is explained here, we would all be experts in no time
@richardarmstrong-finnerty3140 3 жыл бұрын
Excellent. No fluff; just solid information, presented engagingly.
@cbtnuggets 3 жыл бұрын
Much appreciated!
@cbtnuggets 11 жыл бұрын
We're glad we could help you understand Kerberos.
@decidocisum 2 жыл бұрын
This video has 358,000 views and only 7,000 likes. People really do suck and are not appreciative. Thank you for this CBT, great explainer.
@lltagged 3 жыл бұрын
Fantastic explanation of Kerberos. Wish Don Jones was still doing IT training.
@spyane86 3 жыл бұрын
Best video on Kerberos on KZbin !
@thexavier666 8 жыл бұрын
This is the easiest presentation of the lot. Thanks a bunch!
@jasi1650 4 жыл бұрын
A great guy, Mr. Rob Z, brought me here. Thank you. Great video and explanation! Thank you Don Jones.
@SyedSAli-kn8sw Жыл бұрын
To the point, clear explanation. Best so far i have seen
@rohitslash 10 жыл бұрын
Thank you. I am not much into kerberos & was looking for some tutorials that can help me understand the same. Came across this video which helped me understanding kerberos funda's in a very simple way. Thank you once again.
@cbtnuggets 10 жыл бұрын
rohit uppal You are welcome! Make sure to visit our channel again if you have any future questions. We have over 500 free tutorial videos available that may just help answer your question.
@Antislm 7 жыл бұрын
This is not exactly how this happens. Like the first request is always plain text from the client to the Authentication service of the KDC and subsequent communication between client and TGS.
@t-mac1236 8 жыл бұрын
wow so clear and concise. Dont know why others cant explain it like this.
@Franganito 5 жыл бұрын
I'm trying to implement a Windows Authentication - Kerberos - Webcenter Content solution and, for starters, this gave me a clear explanation of what Kerberos does in between. Thank you!
@zinstein007 8 жыл бұрын
Excellent. Clearly spoken and presented in a visually descriptive way.
@LILBIRKI 5 жыл бұрын
WOW! I have spent hours trying to figure out how kerberos works and boom... 7 minutes later it all makes sense. Thank you so much!
@srikeshmaharaj 7 жыл бұрын
The BEST explanation by far... Love the colours used, makes it easier to understand!! Please upload more using this fantastic training method.
@Samuel126891 3 жыл бұрын
no one could ever make this easier than you sir.
@samueltsadiq1222 3 жыл бұрын
This is the best explanation I have come across. Excellent and well done
@cbtnuggets 3 жыл бұрын
Glad it was helpful, Samuel! Thanks for watching and sharing the feedback!
@Van_Verder 2 жыл бұрын
Watching in 2022, still helpful. Thx!
@bimanroy8865 5 жыл бұрын
The best inllustration so far
@2533honey 5 жыл бұрын
Very informative and the best explanation on kerberos I have seen. Thank you very much!
@michaelorther1384 7 жыл бұрын
What a beautiful explanation of kerberos
@nastanasta7517 Жыл бұрын
The best explanation I've ever seen! Thank you!
@aliqureshi2227 6 жыл бұрын
This is definitely the best explanation of Kerberos I have ever seen. Great job and Thank you.
@cozmicmojo2181 7 жыл бұрын
This is so much better than most of the other Kerberos clips out there. Thank you!
@alexj4725 4 жыл бұрын
Superb explanation. Well articulated and nicely demonstrated using the flow diagram
@nadercarun 7 жыл бұрын
Amazing, you explained an extremely complicated subject with brilliant clarity. Much, much appreciated.
@ggwp.indians 3 жыл бұрын
Wow now I can write something in my exam surely remember those pink blue and green keys did the job
@MattMelon519 4 жыл бұрын
As a visual learner, this helped me so much. Thanks!
@cbtnuggets 4 жыл бұрын
Glad it helped!
@Andrey-ny2dv 6 жыл бұрын
clear + clear accent. Thanks, buddy
@jaycee7608 8 жыл бұрын
Straightforward concept explanation without having to delve on the technical portion. Great job!
@badiselaffifi1832 4 жыл бұрын
the best explanation of kerberos I have ever seen! Thank you.
@cbtnuggets 4 жыл бұрын
Wow, thanks!
@SchoolMindsDaily 9 жыл бұрын
that was amazing video .... ohhh my god! you don't know how much time I spent to learn the concept of Kerebros thanks
@rabbitfetus5706 7 жыл бұрын
derka derka derka
@IamKnighthawke2k 10 жыл бұрын
Wonderful training video. Thanks for taking time to make it!
@cbtnuggets 10 жыл бұрын
Of course! Thanks for the kind words.
@UncommonNews777 5 жыл бұрын
Thanks a bunch. I think I get it now. This should help me with the Net + exam. I really appreciate it.
@HarshKumar-me6ds 7 жыл бұрын
absolutely awsome explaination.. saved 10 pages of time.
@sponrathnam 4 жыл бұрын
Best explanation ever. Thank you.
@ppvshenoy 3 жыл бұрын
Awesome explanation, Don. Thanks very much.
@prasanth029 7 жыл бұрын
Killed the kerberos topic with ease.
@sniolen 9 жыл бұрын
This cleared up what was otherwise a murky topic for me. Thank you!
@avyukta-arts3062 5 жыл бұрын
Awesome Video sir , I have seen so many videos related to Kerberos Authentication but this is something different . i really enjoyed videos .....
@danattarxelnaga1336 8 жыл бұрын
Awesome, thank you very much. I had to do the presentation for my final apprenticeship's work and had a part about Kerberos. I have read about this protocol, but with this video, I understood directly all I needed to know. Thanks a lot!
@flottefar 7 жыл бұрын
Best kerberos ticket explanation. Thanks. A note: You don't have to download 'kerbtray'. You can just type 'klist' and view cached tickets. Have fun.
@OBmaster 5 жыл бұрын
Awesome!! I I didn't know I had so many tickets on my system.
@tvalchev 8 жыл бұрын
Getting ready for my S+ I needed some visual explanation. Thank you for breaking down this so simple.
@AdaEstherGJ 3 жыл бұрын
This was beautiful explained. Thanks!
@prafuldalvi2586 Жыл бұрын
This is the best explanation. Do not search for any other video.
@skillupwithm.e.6918 3 жыл бұрын
I echo the sentiments of others in this thread. That was great!! Thank You
@furqanmir9660 4 жыл бұрын
Better than the other videos on KZbin, but not fully correct
@happinin 9 жыл бұрын
very perfectly explained thank you. you saved my ass from a lecturer that doesnt know how to explain things very well
@tripsd5929 6 жыл бұрын
Just to clarify all : When a user logged on, the Kerberos client on the user's workstation accepted the password from the user and converted it into an encryption key by passing the text through a one-way hash function. The resulting hash was the user's master key. The client used this master key to decrypt session keys received from KDC. So, the user password is hashed. The hash is used as the key. Now DC will also have the same hash of the user password. The DC will lookup the user, find it's hash, use it as the key and decrypt the authenticator file. Hence, symmetric encryption is used with hash of user password as the key. - Reference: msdn.microsoft.com/en-us/library/windows/desktop/aa380510(v=vs.85).aspx
@venkateshnambi1576 2 жыл бұрын
Thanks for clearing the doubts.. I was confused with the password and shared secret key.. my last doubt is the shared secret key mentioned in Kerberos is nothing but the password which is in encrypted form? Am I right? Or both are different.
@עידונאמני 7 жыл бұрын
very simple and informative. thank you
@AmberleyIT 11 жыл бұрын
Fantastic as always
@taliskergjs 6 жыл бұрын
Pellucid explanation and good video. Thank you.
@paulus3211 7 жыл бұрын
Wow, great work! could not get any more clear than this. Thanks!!
@epacke 6 жыл бұрын
Fantastic. Thank you for doing this one.
@8123749551 7 жыл бұрын
excellent short and simple
@johnpitchko 8 жыл бұрын
What is the risk that a malicious user could intercept the TGT returning to the client, and use that to request tickets for the file server?
@MeshackMusangi 6 жыл бұрын
From what I have read and understood about Kerberos 1.Client requests for key from KDC 2. KDC responds with a session key- encrypted with clients password 3. Clients decrypts package and gets session key which is then stored in memory 4. Clients asks to access File server from KDC, KDC responds with a ticket to the file server (ticket to the file server is encrypted using the file servers password and it contains users details and what the user can access- this entire payload is encrypted with the session key 5. Client receives ticket from KDC and decrypts it using the session key in memory, gets ticket to the File server 6. Client sends ticket to file server decrypted from above 7. File server receives ticket from client, decrypts it using its password and gives access to user. So to answer your question, a malicious users wouldn't be able to intercept the TGT returning to the user, they would instead intercept the response that is encrypted with the session key which they wouldn't be able to decrypt and thus use. I believe the session key is unique for every user on the domain.
@moshet842 6 жыл бұрын
Step 2 is wrong. The session key/TGT is encrypted using the KDC password. The client does not need to decrypt it, only needs to have it as an ID to get a file server ticket at a later point. In other words, your step 2 is an extra step that works in theory, but is unnecessary. The session key is encrypted anyway. It is like putting a package in a box and then into a bigger box.
@OBmaster 5 жыл бұрын
There is no risk. It is basically using asymmetric encryption. Unless a Private key is compromised, it will maintain confidentiality.
@shyamankinapalli197 4 жыл бұрын
OBmaster it’s not Asymmetric.
@nikolu9560 6 жыл бұрын
讲的真好,清晰明了。 Crystal clear, Mr instructor.
@heenriko356 11 жыл бұрын
Thank you so much! Very good explanation
@VeteranOfpeace Жыл бұрын
CNIT 242 made me watch this :)
@Frusciante1221 10 жыл бұрын
If you can't explain it simply, you don't understand it well enough. And you sir definitely understand it more than enough :) Thank you
@weldsj8847 8 жыл бұрын
Great explanation and done in a timely manner. Thank you!
@raghavendran4094 7 жыл бұрын
Neatly explained. Thank you
@rajatagarwal2379 8 жыл бұрын
Thanks you very much for this apt explanation .Kudos!!
@angshumanadhikary282 8 жыл бұрын
Thank you Sir for such a good analysis and explanation.... It really helps....
@cbtnuggets 11 жыл бұрын
Good luck! Let us know how your exam goes.
@siddharthmenon246 6 жыл бұрын
Brilliantly explained. Thank you!
@sen_dil 10 жыл бұрын
Excellent video, thank you so much for the crystal clear explanation
@danimoosakhan 5 жыл бұрын
You should at least mention AS and TGS server. Need more detail.
@jamesflorez5867 8 жыл бұрын
great!! presentation! straight understandable well done!!! Thank you
@joeylee7740 3 жыл бұрын
Thank you Don and CBT Nuggets! This is definitely one of the best simple high level illustrations of kerberos! Those colored keys really did it for me!
@AdamMalesevic 6 жыл бұрын
This was really clear explanation, thank you for that!
@preetisharma4381 7 жыл бұрын
very well explained ! Thanks.
@viralsheth9167 9 жыл бұрын
Very nice presentation! Thank you for sharing your knowledge. It was indeed useful.
@ekaterinaboone6317 2 жыл бұрын
Thank you very much! I enjoy your video!
@cbtnuggets 11 жыл бұрын
You're welcome! Make sure to leave a MicroNugget request in the link in the description if you would like a topic explained by one of our trainers!
@melvin16 4 жыл бұрын
Clear explanation. Thanks
@cbtnuggets 4 жыл бұрын
Glad it was helpful! Thank you, Melvin. :)
@cbtnuggets 11 жыл бұрын
Thanks for the comment. We are glad we could help out.
@mouhannadoweis7605 3 жыл бұрын
Is there a CBT Nuggets course on Kerberos?
@TheSinned19 10 жыл бұрын
Wow English is not my native language and i'm not really good in english. But this video help me a lot. especially the good visualization! Thank you! It would help me for my exam :)
@ranik8890 8 жыл бұрын
many thanks - very well explained
@jahanvikhedwal1107 6 жыл бұрын
Super awesome explanation..keep making more videos
@obaonikeemmanuel6169 4 жыл бұрын
Thank you so much you are the best
@cbtnuggets 11 жыл бұрын
You can submit this question as a MicroNugget request for to be made from the link found in the above description.
@PineNutButter 10 жыл бұрын
love your video. thank you.
@venkeileo 8 жыл бұрын
Thanks mate, very clear explanation, Do you have videos for SPNs and how the delegation works.
@Jennielync 3 жыл бұрын
thanks! now i finally get it
@charlesalmadi9665 2 жыл бұрын
Well explained
@suv1122 11 жыл бұрын
Thank you very much....
@sarwarcseju 8 жыл бұрын
Really helpful, appreciate your effort :)
@timsu91 11 жыл бұрын
I think until the ticket has expired, an attacker could use the green ticket to communicate with the file server. Therefor the client authenticated, that he is the real client. So an attacker would have to get 1. the request of the client, 2. the answer of the server
@cbtnuggets 11 жыл бұрын
Hey there, What exactly are you confused about?
@prasannakirtani7664 5 жыл бұрын
nicely explained
@selfseeker1729 5 ай бұрын
This is awesome stuff
@thenewido 6 жыл бұрын
Why does the video say you get the TGT and then u send it back to the KDC for the TGS? I saw other explanations where they say you get the TGT together with the TGS - 2 messages.
@Hambone6 6 жыл бұрын
So good!
@vash47 9 жыл бұрын
excellent video
@maziarkaveh 11 жыл бұрын
Thank you , Awesome
@cbtnuggets 11 жыл бұрын
You are welcome! If you want us to cover a topic, make sure to submit it to the link found in the description.
ГИПЕРБОРЕЙ
Рет қаралды 602 М.