which reason are clocks used in Kerberos authentication?

For which reason are clocks used in Kerberos authentication?

For which reason are clocks used in Kerberos authentication?

A.
Clocks are used to ensure that tickets expire correctly.

B.
Clocks are used to both benchmark and specify the optimal encryption algorithm.

C.
Clocks are used to ensure proper connections.

D.
Clocks are used to generate the seed value for the encryptions keys.

Explanation:

The actual verification of a client’s identity is done by validating an authenticator. The authenticator
contains the client’s identity and a timestamp.
To insure that the authenticator is up-to-date and is not an old one that has been captured by an
attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is
not close enough to the current time (typically within five minutes) then the authenticator is
rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the

default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).
Reference:
http://www.faqs.org/faqs/kerberos-faq/general/section-22.html



Leave a Reply 0

Your email address will not be published. Required fields are marked *