Preventing Time Skew with Kerberos

Kerberos is the primary network authentication protocol used in Microsoft domains. It has been the preferred authentication protocol for Active Directory domains since Windows 2000.

After a user has authenticated to the domain with Kerberos, Kerberos is also used behind the scenes to ensure that only authenticated entities can access resources. Kerberos uses a system where users and computers are issued tickets to access resources. A Key Distribution Center (KDC) manages these tickets.

Kerberos uses port 88. Routers in a network that uses Kerberos for domain-based user authentication must allow traffic to pass through on port 88.

An important requirement with Kerberos is that every ...
