Another interview question in the last 2 weeks.
The process
So again, I asked a question based on some keywords that appeared on the candidate's resume.
“So you mentioned you are in charge of the authentication service, and refactored and improved the process by using Kerberos,” I asked.
“Yes, both security and performance, and it is designed for microservices,” he said.
“How does this Kerberos work and why is it more secure?” I asked.
“It never sends any password during the process so it is more secure. It only authenticates once and can reuse the ticket all the same so it is faster,” he said.
I am good with the answer, but I wanted to know more from him, since I am also not so familiar with this protocol myself; my day-to-day auth flows are mostly JWT, OAuth, and OpenID.
“How does the Kerberos flow exactly work? Just curious,” I asked.
“Well, I am not very sure. All I know is that it never sends passwords anywhere so it is more secure, and it is designed to be used in the Kubernetes ecosystem,” he replied.
I am good with the above answer. Just to study more for myself, after the interview I searched and learned it.
I just want to share what I have found, to save you time in case you want to know.
Kerberos
Let’s dive into the flow.
- In the beginning, the admin pre-inserts the user’s principal (username, encrypted password) into the Kerberos database (#0).
- Then the user logs in to the laptop with a username and password (#1).
- After logging in, say the user wants to access some service (let’s say service A). The client generates a secret key derived from the password (#2).
- The client sends “user1, service (or server ID)” in plain text to the Authentication Service (#3).
- The Authentication Service checks whether the user exists and fetches the user’s password (encrypted) from the database (#4).
- The Authentication Service sends back 2 things: a session key, which is…
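The steps above as a runnable sketch. This is an added example, not code from the original post: it shows that only names cross the wire and that a wrong password simply fails to open the reply. The realm, account, password and all function names are assumptions, the cipher is a toy stand-in for the real Kerberos encryption types, and the reply shape (session key sealed under the user's key, plus a ticket sealed under a key only the KDC holds) follows standard Kerberos rather than this post's text.

```python
import hashlib, hmac, os

REALM = "EXAMPLE.COM"  # constructed realm name

def string_to_key(password, principal):
    # Step #2: long-term key derived from the password. Simplified: real
    # Kerberos AES enctypes use PBKDF2 like this plus a further derivation step.
    salt = (REALM + principal).encode()
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 4096, 32)

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Toy encrypt-then-MAC standing in for the Kerberos AES enctypes.
    enc_key, mac_key = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Step #0: the admin pre-loads the principal; the KDC stores the derived key.
KDC_DB = {"user1": string_to_key("correct horse", "user1")}  # constructed account
TGS_KEY = os.urandom(32)  # known only to the KDC

def as_exchange(username, service):
    # Steps #3-#4: the request carries plaintext names only, no password.
    if username not in KDC_DB:
        raise KeyError("unknown principal")
    session_key = os.urandom(32)
    ticket = seal(TGS_KEY, f"{username}|{service}|".encode() + session_key)
    return seal(KDC_DB[username], session_key), ticket

def client_login(username, password, service):
    user_key = string_to_key(password, username)
    enc_session_key, ticket = as_exchange(username, service)
    # Only the holder of the right password-derived key can open the reply.
    return unseal(user_key, enc_session_key), ticket

if __name__ == "__main__":
    key, _ = client_login("user1", "correct horse", "serviceA")
    print("session key recovered:", key.hex()[:16], "...")
```

The client cannot read the ticket; it only forwards it, which is why the KDC-side key never leaves the server.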