Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)

K

Kerberized applications, 186–90

list of, 186

smart card logon process, 186–90

Kerberos, 133–206

account mappings, defining, 205

account properties, 192

advantages, 134–36

authentication, 113

authentication delegation, 135–36, 164–74

authentication sequence, 134, 184

authentication speed, 134

authentication to authorization, 174–78

based on symmetric key cryptography, 139–40

basic protocol, 137–51

complete protocol illustration, 151

configuration, 190–206

configuration of components, 174

defined, 133–34

design assumptions, 138

disabled accounts and, 178

disabling, in migration scenarios, 154–55

encryption types, 179–81

error messages, 197–99

GPO settings, 190–91

interoperability, 200–206, 263–64

KDC scalability, 141–42

KDC service, 111

master keys, 144, 147–50

multiple domain logon, 156–63

multiple forest logon, 163–64

mutual authentication, 135

non-Windows implementations, 200

NTLM vs., 136, 137

as open standard, 135

ports, 193

preauthentication data, 183–84

protocol messages, 150

protocol transition, configuring, 172–73

proxy accounts, 204

S4U2Proxy Extension, 167–68

S4U2Self Extension, 170–72

session keys, 144, 145–46

session keys transport, 142–45

single domain logon, 152–55

smart card logon support, 136

steps, 137–38

test scenario, 173–74

Ticket Granting Ticket (TGT), 148–49

tickets, 142–45

time sensitivity, 193–97

transport protocols/ports, 192–93

troubleshooting tools, 199–200

UNIX implementations, 179

Windows implementations, 200–201

Windows logon, 152–64

Kerbtray, 187, 199

Key archival, 568–79

archived key column, 572

automatic, 573

automatic, configuring, 573–74

defined, 568

manual, 569–70

process, 571

settings in certificate template properties, 574

Key distribution centers (KDCs), 9

need for, 141

non-Windows, principals defined on, 203

scalability benefit, 141–42

Windows, principals defined on, 202–3

Key management infrastructures, 5, 9–10

CA-based, 10

existence, 9

KDC-based, 10

key material, 9

public solutions, 10

TTP servers, 9

See also Trusted security infrastructures (TSIs)

Key recovery

automatic, 570–73

automatic, configuring, 573–74

from CA database, 574–76

CA settings, 573–74

defined, 568

manual, 569–70

tool, 576

Key recovery agents (KRAs), 572

defined, 570

multiple key recovery, 575

requirement, 574

Key ring, 320, 321

Keys

CA, 614–15, 630

generation, 563

hierarchy, 144–45

length, 615

master, 144, 147–50, 189

private, 480–91, 630

session, 144, 145–46, 151

update, 589

Klist, 187, 199

KMS Key Export Wizard, 577–78
