## What is Kerberos?

Kerberos is the default authentication protocol in Active Directory.

## How Does Kerberos Work?

- Instead of authenticating with passwords on a network, Kerberos uses *tickets*.
- When a user wants to log on, they get a *Ticket Granting Ticket* (TGT) from the Domain Controller, which acts as the *Key Distribution Centre* (KDC).
- With the TGT, you can request a *Service Ticket* (ST), which allows access to services such as file shares, SQL servers, RDP access and more.

---

## In-Depth Look at Kerberos

1. `KRB_AS_REQ` (Ask for TGT)
   - Authentication Service Request.
   - The client asks the KDC for a TGT.
2. `KRB_AS_REP` (Get TGT)
   - Authentication Service Reply.
   - The KDC replies with a TGT (encrypted with the KRBTGT account’s key).
   - The client can’t read the TGT, but it can now use it to ask for service tickets later.
3. `KRB_TGS_REQ` (Use TGT to ask for ST)
   - Ticket Granting Service Request.
   - The client presents its TGT to the KDC and says, “I’d like to access Service X”.
4. `KRB_TGS_REP` (Get ST)
   - Ticket Granting Service Reply.
   - The KDC responds with a Service Ticket (ST) for that specific service.
   - This ticket proves to the service that the user is authenticated.
5. `KRB_AP_REQ` (Use ST for Service)
   - Application Request.
   - The client presents the ST to the target service.
6. `KRB_AP_REP` (Service confirms authentication)
   - Application Reply.
   - The service replies back (OPTIONAL), confirming authentication.

![[Kerberos.png]]
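
The six-message flow above, as an added simulation that is not part of the original note: it shows which key protects which ticket, so the client cannot open its own TGT and a service can check an ST with only its own key. The toy encrypt-then-MAC stands in for a real Kerberos encryption type, the principal names and keys are constructed, and session keys, authenticators, pre-authentication and ticket lifetimes are left out.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Keystream from SHA-256 in counter mode (toy construction)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    # Toy encrypt-then-MAC standing in for a Kerberos encryption type
    pt = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed sample long-term keys; the KDC holds all of them
KEYS = {name: hashlib.sha256(name.encode()).digest()
        for name in ("krbtgt", "alice", "cifs/fs01", "mssql/db01")}

def kdc_as(user):                        # KRB_AS_REQ -> KRB_AS_REP
    if user not in KEYS:
        raise KeyError("unknown principal")
    return seal(KEYS["krbtgt"], {"user": user})            # the TGT

def kdc_tgs(tgt, service):               # KRB_TGS_REQ -> KRB_TGS_REP
    user = unseal(KEYS["krbtgt"], tgt)["user"]             # only the KDC can open a TGT
    return seal(KEYS[service], {"user": user, "service": service})  # the ST

def service_ap(service, st):             # KRB_AP_REQ -> KRB_AP_REP
    ticket = unseal(KEYS[service], st)                     # service's own key, no KDC call
    return ticket["user"]

def can_open(key, blob):
    # True when `key` is the key the ticket was sealed under and the blob is intact
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False
```
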