Taming Kerberos - Computerphile

Published 2020-04-08

All Comments (21)
  • @jlxip
    I love how Mike Pound explains cryptography. He's my favorite guy of all Computerphile, next to Tom Scott, that is.
  • 3:07 - “It’s an absolute mess”. Actually, it’s a full mesh! ... I will show myself out ...
  • @cyphern
    8:08 "My very well drawn curly brackets" -- damn right those are well drawn! That will make it extra secure.
  • The separation between the S and T servers is the separation between authentication (proving you are who you say you are, done by S) and authorization (what services you are allowed to access, controlled by T). Each one can be updated independently.
  • @Blue-tz2pd
    "B is just sitting on the network waiting for people to talk to it" Same, B, same.
  • @longliveriley21
    Would love to see Dr. Mike Pound do a video on JSON Web Tokens!!
  • @CocoBunnyXxX
    This is HANDS DOWN the BEST description of how Kerberos works. Straightforward, easy to understand. I feel like I truly understand it now, vs just having a general idea of what it does. Thanks so much for this great content!!❤❤❤
  • Hands-down the best explanation I've seen about Kerberos auth mechanism on the internet.
  • 12:48 I can just picture a lonely server spinning up disks that have been idle for years, like oh yea someone still wants me 😂
  • @rich1051414
    Where are Alice, Bob, Charlie, and Debbie these days, anyway? I heard all about their problems in school for computer science.
  • @WouterWeggelaar
    This is a brilliant explanation! I've been working with KRB (MIT and Heimdal) and OpenAFS for a decade, but recently moved to (samba) AD. Kerberos is my friend! The most common failure of both is clock offsets! If the lifetime doesn't match or the timestamp is in the future, it throws funnies. Never had any serious issues in those 10 years. KDCs just keep on working.
  • @mattwalker2533
    I can't say this enough. I LOVE this channel and how well everything is explained! Dr. Pound's videos are my favorite as he's just so likable and amazing at his explanations. Keep up the amazing work everyone!
  • @helshabini
    It is worth mentioning that in AD, the authorization is split between the ticket granting service and the target resource (in this case the file server). The ticket will also carry information about group membership, which will allow the file server to determine whether the user trying to access it is allowed, or is a member of a group that is allowed to access the server. Also worth mentioning that because of all these timestamps floating around, it is imperative that all these systems have the same time.
  • @gplustree
    First heard of Kerberos nearly 30 years ago but never used it. This is the first time I've actually gotten a high-level overview that was super easy to understand - thank you!
  • @spacebar420
    Woo, finally something I'm close to understanding and actually has something to do with my work.
  • @g4m3rl1k3
    The best and most in-depth explanation of the Kerberos protocol on YouTube. Thank you!
  • @Am6-9
    One day, after doing a lot of reading and research, I nearly completely understood Kerberos. The next day, I’ve already forgotten most of it again...
  • @jacobsteele2929
    Thank you so much Mike for these videos. I'm taking the Security+ right now and I would be lost without you. Your videos really help to solidify the text.
  • @stephenm3874
    This is a decent retro perspective on hard coding server based authority networking. Thank you for your efforts. Back in the early nineties we used this with Novell for user based authentication for both bridges and simple internal routing via IPX. Cool to see it being reimplemented for wide distribution systems. Our biggest concern back then was Chatterbox, inbound exchanges outside of our secured internal networks with disparate network protocols. IP was not a standard like today.