Which of the following authentication services requires…

Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

A.
TACACS+

B.
Secure LDAP

C.
RADIUS

D.
Kerberos

Explanation:
The basic process of Kerberos authentication is as follows:
The subject provides logon credentials.
The Kerberos client system encrypts the password and transmits the protected credentials to the KDC.
The KDC verifies the credentials and then creates a ticket-granting ticket (TGT–a hashed form of the subject’s password with the addition of a time stamp that
indicates a valid lifetime). The TGT is encrypted and sent to the client.
The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos realm.
The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC.
The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime.
The client receives the ST.
The client sends the ST to the network server that hosts the desired resource. The network server verifies the ST. If it’s verified, it initiates a communication
session with the client. From this point forward, Kerberos is no longer involved.
Incorrect Answers:
A: TACACS+ makes use of Kerberos as an authentication mechanism.
B: Lightweight Directory Access Protocol is used to allow clients to interact with directory service resources. Secure LDAP is the implementation of LDAP using
security, such as protected authentication and encrypted data exchanges, specifically provided by SASL.
C: Radius does not make use of tickets.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 270- 275.



Leave a Reply 0

Your email address will not be published. Required fields are marked *