Taming Kerberos - Computerphile

Published 2020-04-08

All Comments (21)
  • @jlxip
    I love how Mike Pound explains cryptography. He's my favorite guy of all Computerphile, next to Tom Scott, that is.
  • @Blue-tz2pd
    "B is just sitting on the network waiting for people to talk to it" Same, B, same.
  • @cyphern
    8:08 "My very well drawn curly brackets" -- damn right those are well drawn! That will make it extra secure.
  • 3:07 - “It’s an absolute mess”. Actually, it’s a full mesh! ... I will show myself out ...
  • The separation between the S and T servers is the separation between authentication (proving you are who you say you are, done by S) and authorization (what services you are allowed to access, controlled by T). Each one can be updated independently.
  • @CocoBunnyXxX
    This is HANDS DOWN the BEST description of how Kerberos works. Straightforward, easy to understand. I feel like I truly understand it now, vs just having a general idea of what it does. Thanks so much for this great content!!❤❤❤
  • @longliveriley21
    Would love to see Dr. Mike Pound do a video on JSON Web Tokens!!
  • Hands-down the best explanation I've seen about Kerberos auth mechanism on the internet.
  • 12:48 I can just picture a lonely server spinning up disks that have been idle for years, like oh yea someone still wants me 😂
  • @helshabini
    It is worth mentioning that in AD, the authorization is split between the ticket granting service and the target resource (in this case the file server). The ticket will also carry information about group membership, which will allow the file server to determine whether the user trying to access it is allowed, or is a member of a group that is allowed to access the server. Also worth mentioning that because of all these timestamps floating around, it is imperative that all these systems have the same time.
  • @WouterWeggelaar
    This is a brilliant explanation! I've been working with KRB (MIT and Heimdal) and OpenAFS for a decade, but recently moved to (samba) AD. Kerberos is my friend! The most common failure of both is clock offsets! If the lifetime doesn't match or the timestamp is in the future, it throws funnies. Never had any serious issues in those 10 years. KDCs just keep on working.
  • @spacebar420
    Woo, finally something I'm close to understanding and actually has something to do with my work.
  • @mattwalker2533
    I can't say this enough. I LOVE this channel and how well everything is explained! Dr. Pound's videos are my favorite as he's just so likable and amazing at his explanations. Keep up the amazing work everyone!
  • @Am6-9
    One day, after doing a lot of reading and research, I nearly completely understood Kerberos. The next day, I’ve already forgotten most of it again...
  • @watcher314159
    PSA: Kerberos means "Spotted One". Even millennia ago the tradition of naming your dog Spot was so strong that even the gods got in on it.
  • @gplustree
    First heard of Kerberos nearly 30 years ago but never used it, this is the first time I've actually gotten a high-level overview that was super easy to understand - thank you!
  • @jacobsteele2929
    Thank you so much Mike for these videos. I'm taking the Security+ right now and I would be lost without you. Your videos really help to solidify the text.
  • @g4m3rl1k3
    The best and most in-depth explanation of the Kerberos protocol on YouTube. Thank you!
  • @chbrules
    It was nice to see this overview again. I had to learn to set up a KDC and do all this ticketing stuff for my RHCE certification. It was good to know, so I have a better understanding of what's going on behind the scenes.