Kerberos Interoperability Project
PART I
Services

Printing Services Step 1: Hardware Support

Google Manufacturers
- Canon (nothing on the web)
- HP (nothing on the web)
- Toshiba (nothing on the web)
- Minolta (nothing on the web)
- Xerox (found Kerberos support)
  http://www2.xerox.com//downloads/dc01cc0258.pdf

Printing Services Step 2: Hardware Support

E-mail Development Personnel in Printing Companies
Responses so far:
- Minolta does NOT Support Kerberos
- Canon does NOT Support Kerberos
Conclusion
- Xerox (so far) is the only one who has built in Kerberos Authentication

Printing Services Step 3: Software Printing Protocols

- KLP: MIT developed this package for Windows 2000 and XP printing on Unix Print Servers
- KLPR: MIT Developed for printing on Unix Operating Systems
- KLPRMon: CMU Developed for Windows Operating Systems

Cisco IOS Services: Step 1: General Info.

- Earliest Cisco IOS to support Kerberos is 11.3
- Following Network Services Supported by Kerberos capabilities in Cisco IOS software: telnet, rlogin, rsh, rcp
- What Cisco router models can support Kerberos: Cisco 2500 series routers.
- What can I provide: 2501, 2511, 2520 Routers
- Cisco Kerberos Client support developed by CyberSafe that derived their code from MIT.
- How to configure Kerberos in IOS: LINK

Cisco IOS Services Step 2: Steps to Authenticate a Remote User

- Step 1 Authenticate to the Boundary Router
- Step 2 Obtain a Ticket Granting Ticket from the KDC
- Step 3 Authenticate to Network Services

Cisco IOS Services Step 3: Steps to Authenticate a Remote User, Details

- The remote user opens a PPP connection to the corporate site router.
- The router prompts the user for a username and password.
- The router requests a TGT from the KDC for this particular user.
- The KDC sends an encrypted TGT to the router that includes (among other things) the user's identity.
- The router attempts to decrypt the TGT using the password the user entered. If the decryption is successful, the remote user is authenticated to the router.

Cisco IOS Services Step 4: Steps to Authenticate a Remote User, Details

- The remote user, at a workstation on a remote site, launches the KINIT program (part of the client software provided with the Kerberos protocol).
- The KINIT program finds the user's identity and requests a TGT from the KDC.
- The KDC creates a TGT, which contains the identity of the user, the identity of the KDC, and the TGT's expiration time.
- Using the user's password as a key, the KDC encrypts the TGT and sends the TGT to the workstation.
- When the KINIT program receives the encrypted TGT, it prompts the user for a password (this is the password that is defined for the user in the KDC).
- If the KINIT program can decrypt the TGT with the password the user enters, the user is authenticated to the KDC, and the KINIT program stores the TGT in the user's credential cache.

Cisco IOS Services Step 5a: Steps to Authenticate a Remote User, Details

- The user on Host A initiates a Kerberized application (such as Telnet) to Host B.
- The Kerberized application builds a service credential request and sends it to the KDC. The service credential request includes (among other things) the user's identity and the identity of the desired network service. The TGT is used to encrypt the service credential request.
- The KDC tries to decrypt the service credential request with the TGT it issued to the user on Host A. If the KDC can decrypt the packet, it is assured that the authenticated user on Host A sent the request.
- The KDC notes the network service identity in the service credential request.
- The KDC builds a service credential for the appropriate network service on Host B on behalf of the user on Host A. The service credential contains the client's identity and the desired network service's identity.

Cisco IOS Services Step 5b: Steps to Authenticate a Remote User, Details

- The KDC then encrypts the service credential twice. It first encrypts the credential with the SRVTAB that it shares with the network service identified in the credential. It then encrypts the resulting packet with the TGT of the user (who, in this case, is on Host A).
- The KDC sends the twice-encrypted credential to Host A.
- Host A attempts to decrypt the service credential with the user's TGT. If Host A can decrypt the service credential, it is assured the credential came from the real KDC.
- Host A sends the service credential to the desired network service. Note that the credential is still encrypted with the SRVTAB shared by the KDC and the network service.
- The network service attempts to decrypt the service credential using its SRVTAB.
- If the network service can decrypt the credential, it is assured the credential was in fact issued from the KDC. Note that the network service trusts anything it can decrypt from the KDC, even if it receives it indirectly from a user. This is because the user first authenticated with the KDC.

IPSec Encryption Services: General Info.

- IPSec: packet encryption and encapsulation, computer-to-computer protocol
- Kerberos: service authentication, client-to-service protocol
- IPSec: Integrity
- Kerberos: Authenticity
- How to implement Kerberos over IPSec. Online lesson from MIT LINK

Mail Services: General Info.

- KPOP (Kerberos Post Office Protocol)
- Developed by Pennsylvania State University (Penn State, PSU)
- KPOP was developed for Eudora Mail Program
- Authenticates user using Kerberos

FTP Services: General Info.

- FTP: have to send the password in the clear
- KFTP: Authenticates the user, very secure.
  (something I was looking for)
- KFTP Available with FreeBSD, Linux, and Mac OS
- My guess is that it is available with Windows also.

Presentation author: Ilya Burdman
Organization: NASA/SEWP

Hyperlinks in the presentation:
- http://www2.xerox.com/downloads/dc01cc0258.pdf
- http://asg.web.cmu.edu/andrew2/dist/klprmon.html
- http://web.mit.edu/is/help/winxp/klp-winxp.html
- http://web.mit.edu/macdev/Development/Applications/KLPR/Documentation/klpr.html
- http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/sckerb.pdf
- http://web.mit.edu/pismere/MSR-Summer-2000/DAY1_Finished/KerberosWorkshop_W2K_win2k-ipsec-usage-of-kerb/default.htm
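
The exchange on the Cisco IOS Step 3 through Step 5b slides, as an added Python sketch (not part of the presentation and not Cisco or MIT code). Assumptions: a toy hash-based cipher stands in for a Kerberos encryption type, PBKDF2 stands in for string-to-key, the names alice and telnet/hostb are constructed, and a per-login session key delivered inside the TGT models what the slides call encrypting "with the TGT".

```python
import hashlib, hmac, json, os

def str2key(password, principal):
    # Assumption: PBKDF2 stands in for the Kerberos string-to-key function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _xor(key, nonce, data):
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    # Toy authenticated cipher (not a Kerberos enctype): hash keystream plus HMAC tag.
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot decrypt: wrong key")
    return json.loads(_xor(key, nonce, ct))

class KDC:
    def __init__(self):
        self.users, self.srvtabs, self.sessions = {}, {}, {}
    def issue_tgt(self, user):
        # TGT encrypted under the user's password-derived key (Steps 3 and 4).
        self.sessions[user] = os.urandom(32)  # simplification: the KDC remembers it
        return seal(self.users[user], {"user": user, "session": self.sessions[user].hex()})
    def issue_service_credential(self, user, service):
        # Step 5b: encrypt with the service's SRVTAB, then again for the user.
        inner = seal(self.srvtabs[service], {"client": user, "service": service})
        return seal(self.sessions[user], {"ticket": inner.hex()})

def demo():
    kdc = KDC()
    kdc.users["alice"] = str2key("correct horse", "alice")  # constructed sample data
    kdc.srvtabs["telnet/hostb"] = os.urandom(32)
    tgt = kdc.issue_tgt("alice")
    try:
        unseal(str2key("wrong guess", "alice"), tgt)
        wrong_password_ok = True
    except ValueError:
        wrong_password_ok = False
    session = bytes.fromhex(unseal(kdc.users["alice"], tgt)["session"])
    cred = kdc.issue_service_credential("alice", "telnet/hostb")
    ticket = bytes.fromhex(unseal(session, cred)["ticket"])  # Host A removes outer layer
    return wrong_password_ok, unseal(kdc.srvtabs["telnet/hostb"], ticket)  # Host B
```

Host A never holds the SRVTAB, so it can forward the inner ticket but cannot read or alter it; only the service on Host B can open it.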