July 28, 2022

Kerberos Explained

Cybercrime is an unpleasant fact of life these days; no company or organization is safe, whether we are talking about private individuals or businesses at large. The problem will not get better any time soon unless we put protocols with strong network authentication to use.

Experts predict that cybercrime damages will cost the world $25 trillion by the end of 2025; frightening, isn't it?

Another forecast, from Forbes, says that the growing use of mobile devices is driving up cybercrime, and it shows no sign of stopping. As a result, the digital world is looking for new strategies to strengthen cybersecurity. These predictions are more than you may be ready to hear or even take in.

Today, we look at the Kerberos network protocol. Let's pull back the curtain and find out: what is Kerberos?

What is Kerberos?

The Internet is an insecure place. Some systems deploy firewalls to prevent unauthorized access to computers. But firewalls assume that the bad guys are on the outside, and that is a problem. Most breach attempts are made from the inside.

Kerberos is a protocol that uses strong cryptography to authenticate service requests between trusted hosts across an untrusted network. It uses secret-key cryptography and a trusted third party to authenticate client-server applications and verify users' identities.

Kerberos is an authentication protocol based on a ticketing system: a client authenticates itself to the Authentication Server (AS) and receives a ticket (through several steps of communication with the Key Distribution Center) that it can reuse on all nodes that use the same KDC. So, on an internal network, you can access nodes by authenticating yourself to the AS and then reusing the ticket to access the other nodes.

Where is the Kerberos protocol most commonly used?

Kerberos is used mainly on secure systems that require reliable authentication and auditing features. It is used in POSIX authentication, as an alternative authentication system for ssh, POP, and SMTP, and in Active Directory, NFS, Samba, and a few other similar projects. It can regularly be used as a drop-in system for anything that understands POSIX authentication, which is quite a few things.

The original OpenAuth project used a similar scheme, with tokens replacing the notion of tickets from the client's point of view. At least a few other implementations are known to have used Kerberos-style authentication and auditing for web-service communication layers in cloud systems.

It is a great system, although because of POSIX you get only fairly limited authorization; but as with most things, you can "roll your own," and other applications will respect it as you wish. It also helps that authorization should be performed regularly, while authentication happens only on new connections, when the previous ticket has expired, or after a connection loss or timeout.

What are the benefits of Kerberos authentication?

Kerberos brings many benefits to any cybersecurity setup. The main benefits are:

  • Effective access control: Kerberos gives users a single point for keeping track of security and enforcing access policies.
  • Limited lifetime for key tickets: Every Kerberos ticket carries timestamps, lifetime data, and an authentication duration controlled by the administrator.
  • Mutual authentication: Service systems and users can authenticate to each other through mutual authentication.
  • Reusable authentication: Kerberos authentication is reusable and durable, requiring each user to be verified by the system only once. As long as the ticket is in effect, the user does not have to keep supplying their details for authentication purposes.
  • Strong and diverse security measures: Kerberos security authentication employs cryptography, multiple secret keys, and third-party authorization, creating a strong, secure defense. Another point about Kerberos is that passwords are not sent over the network, while secret keys are encrypted.

What is the Kerberos protocol flow?

Here is a more detailed look at what Kerberos authentication is all about. We will also see how it works by breaking it down into its separate steps and core components.

Here are the main entities involved in the typical Kerberos workflow.

  • Client: The client acts on behalf of the user and initiates communication for a service request.
  • Server: The server hosts the service the user wants to access.
  • Authentication Server (AS): The AS performs the required client authentication. If authentication succeeds, the client receives a ticket called the TGT (ticket-granting ticket), essentially an assurance to the other servers that the client has been authenticated.
  • Key Distribution Center (KDC): In a Kerberos environment, authentication is logically separated into three different parts:
      • Database
      • Authentication Server (AS)
      • Ticket-granting ticket (TGT)

These three parts run and reside together on a single server called the Key Distribution Center (KDC).

The protocol flow consists of the following steps:

Step 1: First, the client authentication request goes out. The user requests a TGT from the Authentication Server (AS); the request includes the client ID as identification.

Step 2: The KDC verifies the client's credentials. The AS checks the database for the client and, finding both values, generates the client's secret key using the hash of the password.

Step 3: The client sends the message. The client or user applies its secret key to the message and generates SK1 and the TGT for the authentication that validates the client's ticket.

Step 4: The client uses the ticket to request access. The client requests a ticket for the server offering the service by sending the key and the authenticator it created to the TGS.

Step 5: The KDC creates a ticket for the file server. The TGS then uses the TGS secret key on the TGT received from the user to extract SK1. The TGS checks whether the data matches the client ID and address.

Finally, the KDC creates a service ticket that contains the client ID, address, timestamp, and SK2.

Step 6: The client uses the file server ticket to authenticate with SK1 and SK2.

Step 7: The target server then receives the ticket, decrypts it, and authenticates. The target uses the server's secret key to decrypt the issued ticket and extract SK2.

Once the checks are complete, the target server sends the client a message confirming that the client and the AS have authenticated each other. The user is now ready to take part in a secure session.
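The seven steps above, traced end to end as an added example (not code from the original article). `seal`/`unseal` are a toy stand-in for Kerberos encryption, PBKDF2 stands in for the password-to-key step, the principal `alice`, her password and the ticket field names are constructed, and the client address field is left out.

```python
import hashlib, hmac, json, os, time

def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC (SHAKE keystream + HMAC), NOT a real Kerberos cipher."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(pt))
    body = nonce + bytes(a ^ b for a, b in zip(pt, stream))
    return hmac.new(key, body, "sha256").digest() + body

def unseal(key: bytes, blob: bytes) -> dict:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + body[:16]).digest(len(body) - 16)
    return json.loads(bytes(a ^ b for a, b in zip(body[16:], stream)))

def pw_key(password: str, principal: str) -> bytes:
    # Assumption: PBKDF2 as the password-to-key function for this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

# Constructed KDC database and long-term service keys (all values made up).
DB = {"alice": pw_key("correct horse", "alice")}
TGS_KEY, FILE_KEY = os.urandom(32), os.urandom(32)

def as_exchange(client_id, lifetime=300):            # steps 1-2: AS issues SK1 + TGT
    sk1 = os.urandom(16).hex()
    tgt = seal(TGS_KEY, {"cid": client_id, "sk": sk1, "exp": time.time() + lifetime})
    return seal(DB[client_id], {"sk1": sk1}), tgt

def check(ticket_key, ticket, authenticator, now, skew=120):
    t = unseal(ticket_key, ticket)                    # only the ticket's target can open it
    a = unseal(bytes.fromhex(t["sk"]), authenticator) # proves holder knows the session key
    if now > t["exp"]:
        raise ValueError("ticket expired")
    if a["cid"] != t["cid"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator mismatch or stale")
    return t

def tgs_exchange(tgt, authenticator, now):           # steps 4-5: TGS issues SK2 + ticket
    t = check(TGS_KEY, tgt, authenticator, now)
    sk2 = os.urandom(16).hex()
    ticket = seal(FILE_KEY, {"cid": t["cid"], "sk": sk2, "exp": t["exp"]})
    return seal(bytes.fromhex(t["sk"]), {"sk2": sk2}), ticket

def login(client_id, password, now=None):
    now = now or time.time()
    enc_sk1, tgt = as_exchange(client_id)
    sk1 = bytes.fromhex(unseal(pw_key(password, client_id), enc_sk1)["sk1"])  # step 3
    enc_sk2, ticket = tgs_exchange(tgt, seal(sk1, {"cid": client_id, "ts": now}), now)
    sk2 = bytes.fromhex(unseal(sk1, enc_sk2)["sk2"])                          # step 6
    return check(FILE_KEY, ticket, seal(sk2, {"cid": client_id, "ts": now}), now)["cid"]  # step 7
```

A wrong password fails at step 3, because the AS reply can only be opened with the key derived from the right password; the password itself never crosses the network. A ticket presented without an authenticator sealed under its session key, or after its lifetime has passed, is rejected by `check`.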

Conclusion

Now that you have reached the end of this article, we hope you have a clear picture of what Kerberos is. To learn more about Kerberos, Simplilearn offers easy online learning for anyone who wants to learn Kerberos.

About the author

Peter Hatch

