Kerberos & One Time Password

Today I have some free time, and I remembered a lesson about "Authentication methods". It is very useful, so I am going to school next week (to be going to, not will :)).

OK, in this lesson, I like the one-time password (OTP). The main points are:
The server stores the password hashed N times (1000 times in this example) together with the number of hash iterations (N, 1000 in this example) in its database.
The client sends a request, and the server replies with the number N, the number of hash iterations.
The client receives N, hashes the password (N-1) times (999 in this example), and sends the result to the server.
The server receives the password hashed (N-1) times, hashes it one more time, and compares the result with the value in its database. If they match, the client is allowed.
The server replaces the stored N-times hash with the (N-1)-times hash received from the client and decreases the number of hash iterations by one (N-1); in this example, 999 replaces 1000.
If N equals 1, the password is reset.
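
The steps above as an added Python example (not code from the lesson), showing that a one-time value sent a second time is rejected because the stored hash has already moved down the chain. SHA-256, the sample password and the names hash_n, OtpServer and client_response are assumptions; the lesson does not name a hash function.

```python
import hashlib
import hmac

def hash_n(data: bytes, n: int) -> bytes:
    """Hash data n times (SHA-256 is an assumption; the lesson names no hash)."""
    for _ in range(n):
        data = hashlib.sha256(data).digest()
    return data

class OtpServer:
    """Server side: stores only hash^N(password) and N, never the password."""

    def __init__(self, password: bytes, n: int = 1000):
        self.n = n
        self.stored = hash_n(password, n)

    def challenge(self) -> int:
        # If N equals 1 the client would have to send the password itself,
        # so the chain is exhausted and the password must be reset.
        if self.n <= 1:
            raise RuntimeError("N reached 1: password reset required")
        return self.n

    def verify(self, response: bytes) -> bool:
        self.challenge()  # refuse to verify on an exhausted chain
        candidate = hashlib.sha256(response).digest()  # hash one more time
        if not hmac.compare_digest(candidate, self.stored):
            return False
        self.stored = response  # hash^(N-1) replaces hash^N
        self.n -= 1
        return True

def client_response(password: bytes, n: int) -> bytes:
    """Client side: hash the password (N-1) times."""
    return hash_n(password, n - 1)

def demo():
    password = b"constructed-sample-password"  # constructed sample value
    server = OtpServer(password, 1000)
    otp = client_response(password, server.challenge())
    first = server.verify(otp)    # accepted, N becomes 999
    replay = server.verify(otp)   # same value sent again: rejected
    second = server.verify(client_response(password, server.challenge()))
    return first, replay, second, server.n

if __name__ == "__main__":
    print(demo())
```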

I found a lot of information about Kerberos:
Started in Project Athena (I don't know)
Introduced in Windows 2000
Uses symmetric key cryptography
Components:
Key Distribution Centre (KDC), which holds the cryptographic keys
Tickets
Ticket Granting Server (TGS)
Process:
Subject requests access to an object
Authentication (session key includes user and password, requested via the KDC)
KDC generates tickets for the subject and the object
Subject validates that the ticket came from the KDC
Subject sends the ticket to the object
Object validates the ticket from the subject
Kerberos session is established; the object grants access to the subject
Problems:
Requires synchronized clocks
Uses UDP
Software must be kerberized
.. etc
------------------------------------------------------------
Thanks for reading

Nam Habach