directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1586538 - /directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext
Date Fri, 11 Apr 2014 02:30:17 GMT
Author: elecharny
Date: Fri Apr 11 02:30:17 2014
New Revision: 1586538

URL: http://svn.apache.org/r1586538
Log:
Fixed some bronken images

Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext?rev=1586538&r1=1586537&r2=1586538&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext Fri Apr 11 02:30:17
2014
@@ -27,7 +27,7 @@ Notice: Licensed to the Apache Software 
 One of the two server components of a **Kerberos** server is the Authentication Server, which
authenticates clients, and issues tickets (**TGT**, or _Ticket Granting Ticket_) that the
user can send to the **TGS** to get a service ticket.
 
 <DIV class="info" markdown="1">
-The **TGT**, or _Ticket Granting Ticket_, is a ticket that a client can use to get a service
ticket. In fact, the authentication server considers the **TGS** as just another service,
and generates a ticket for the user to access this service.
+The <B>TGT</B>, or <EM>Ticket Granting Ticket</EM>, is a ticket that
a client can use to get a service ticket. In fact, the authentication server considers the
**TGS** as just another service, and generates a ticket for the user to access this service.
 </DIV>
 
 The beauty of the **AS** is that it does not verify that the client issuing a request is
a valid client : it just returns a tickat that an attacker won't be able to process if he
does not have the client's password.
@@ -38,9 +38,7 @@ As we can see, for the client to get a *
 
 Here is the standard exchange :
 
-<DIV align="center">
 ![Kerberos Authentication with no pre-auth](images/kerberos-as-no-padata.png)
-</DIV>
 
 There is still a potential security breach in this scenario : as the server issues a **TGT**
to the client, containing the secret key built using the user's password, it is possible to
decrypt the ticket using a brute force attack (and this is more likely to happen if the password
is weak...)
 
@@ -56,9 +54,7 @@ Now, let's see how does a client 'proves
 
 Here is the exchange, when  :
 
-<DIV align="center">
 ![Kerberos Authentication with pre-auth](images/kerberos-as-padata.png)
-</DIV>
 
 
 



Mime
View raw message