PrepAway - Latest Free Exam Questions & Answers

what is a role of the Active Directory?

In Kerberos authentication, what is a role of the Active Directory?

PrepAway - Latest Free Exam Questions & Answers

A.
Verifies the user’s login information

B.
Implements the Authentication service and Ticket Granting service

C.
Verifies the session ID when the client-server session is established

D.
Maintains the access control list in a keytab file

Explanation:

Kerberos Authentication
. The Kerberos authentication process shown in figure on the slide includes the following steps:
2. The user logs on to the workstation in the Active Directory domain (or forest) using an ID and a
password.
The client computer sends a request to the AS running on the KDC for a Kerberos ticket. The KDC
verifies the user’s login information from Active Directory.
3. The KDC responds with an encrypted Ticket Granting Ticket (TGT) and an encrypted session
key. TGT has a limited validity period. TGT can be decrypted only by the KDC, and the client can
decrypt only the session key.
4. When the client requests a service from a server, it sends a request, consisting of the previously
generated TGT, encrypted with the session key and the resource information to the KDC.
5. The KDC checks the permissions in Active Directory and ensures that the user is authorized to
use that service.
6. The KDC returns a service ticket to the client. This service ticket contains fields addressed to
the client and to the server hosting the service.
7. The client then sends the service ticket to the server that houses the required resources.
8. The server, in this case the NAS device, decrypts the server portion of the ticket and stores the
information in a keytab file. As long as the client’s Kerberos ticket is valid, this authorization
process does not need to be repeated. The server automatically allows the client to access the
appropriate resources.
9. A client-server session is now established. The server returns a session ID to the client, which
tracks the client activity, such as file locking, as long as the session is active.
EMC E10-001 Student Resource Guide. Module 14: Securing the Storage Infrastructure


Leave a Reply