Kerberos and T125 protocol

1
votes

Why does Kerberos authentication use T125 protocol? I believe Kerberos authentication behaves this way:

  • Client asks for a ticket to the Kerberos authority
  • The Kerberos authority provides a Ticket to the client
  • The Client tries to authenticate towards a Server and sends to the server this Ticket.
  • The Server verifies the Ticket is OK with the Kerberos Authority, and authenticates the Client.

Now, where, in this process, is used T125 and why?
And does the Client send the Ticket any time it tries to access (e.g: for each HTTP GET page) to the Server and the Server checks this Ticket any time, or is it just once at the beginning of the "conversation"?

Thank you!

1
securityauthenticationkerberoshttp-authentication

1 Answers

2
votes

Not familiar with T125, but your Kerberos flow is off a little.
Roughly:

  1. User authenticates to KDC (Kerberos authority)
  2. KDC grants user a TGT (ticket granting ticket)
  3. user tries to access server
  4. Server demands server ticket, sends user some info (to identify the server)
  5. user asks KDC for ticket for server, sends TGT and server info
  6. KDC issues server ticket to user
  7. User submits server ticket to user on every access.

I know I didnt directly answer your T125 question, but I hope this helped anyway.