{"id":1176,"date":"2023-11-21T08:39:22","date_gmt":"2023-11-21T00:39:22","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=1176"},"modified":"2023-12-07T22:48:56","modified_gmt":"2023-12-07T14:48:56","slug":"popular-authentication-protocols-kerberos","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/","title":{"rendered":"Authentication Protocols – Kerberos"},"content":{"rendered":"\n

Kerberos Concepts<\/h3>\n\n\n\n

Kerberos authentication protocol operates primarily at the Application Layer<\/strong>(Layer 7) of the OSI. Kerberos aims to enable two parties to exchange private information securely over an insecure network.<\/p>\n\n\n\n

It was developed in the mid-1980s as part of MIT’s Project Athena. The protocol is named after the mythological three-headed dog Kerberos (or Cerberus), the guardian of the Greek underworld.<\/p>\n\n\n\n

Microsoft introduced their version of Kerberos in Windows 2000. It has also become a standard for websites and Single-Sign-On implementations across platforms.<\/p>\n\n\n\n

\n\n\n\n

Kerberos vs. NTLM<\/h3>\n\n\n\n

Before adopting Kerberos, Microsoft used a protocol known as NTLM (NT Lan Manager)<\/strong> for authentication. NTLM, which is a challenge-response authentication protocol, involves the target computer or domain controller verifying a password and then storing password hashes for future use.<\/p>\n\n\n\n

The key difference between NTLM and Kerberos lies in Kerberos’ use of third-party verification and its stronger encryption capabilities. This added step in Kerberos significantly enhances security compared to NTLM.<\/p>\n\n\n\n

In today’s security landscape, NTLM is considered outdated and vulnerable. It can be compromised within hours, making it unsuitable for protecting sensitive data. Hence, relying on NTLM for security purposes is not recommended due to its vulnerabilities and the superior security offered by newer technologies like Kerberos.<\/p>\n\n\n\n

\n\n\n\n

Authenticaiton Flow<\/h3>\n\n\n\n

Kerberos uses a trusted third party, known as the Key Distribution Center (KDC), to authenticate users and services.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

1. KRB_AS_REQ:<\/strong><\/h4>\n\n\n\n

The client requests a TGT from the Key Distribution Center (KDC)’s Authentication Server (AS)<\/strong>.
The client encrypts the timestamp<\/strong> \u2460<\/a> with its password-derived key<\/strong> (let’s call it ClientKey, someone will also call that NTLM Hash). This is used for pre-authentication<\/strong>.<\/p>\n\n\n\n

In the following example, in the frame 196<\/strong> the client machine with the IP address “192.168.2.55” initiates an Authentication Service (AS) Request to the Domain Controller named “Ruian-ADDS-01.ruianding.com.” However, the DC returns an KRB_ERROR – KDC_ERR_PREAUTH_REQUIRED (25)<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
1.1 Why there’s a KDC_ERR_PREAUTH_REQUIRED<\/strong> Error?<\/h5>\n\n\n\n

The KDC_ERR_PREAUTH_REQUIRED<\/strong> error in Kerberos authentication is a standard and expected <\/strong>part of the protocol, signifying the need for pre-authentication. It occurs when a client initially requests a TGT from the KDC<\/strong>. The KDC responds with this message to prompt the client to prove its identity, enhancing security by preventing replay attacks. This is done by having the client encrypt the current timestamp with a key derived from the user’s password<\/strong>, which the KDC then verifies. Once the client successfully completes this step, the KDC proceeds with the standard Kerberos authentication process. This response is commonly seen in Kerberos authentication traces and is a routine component of the protocol, not an indication of an error.<\/p>\n\n\n\n

\u2460 So if we compare the frame 196<\/strong> and the frame 204<\/strong> after the Preauth challenge. We can see the frame 204<\/strong> has extra content which is the encyrted timestamp.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

2. KRB_AS_REP:<\/h4>\n\n\n\n

The KDC, after validating the pre-authentication, sends back the TGT<\/strong> (Golden Ticket)<\/strong> and a session key<\/strong> (let’s call it TGTSessionKey). The TGT is encrypted with the KDC’s secret key (KDCSecretKey\/someone will also call it KDC account NTLM hash)<\/strong>, which the client cannot decrypt<\/strong>. The TGTSessionKey<\/strong> is encrypted with ClientKey.<\/strong><\/p>\n\n\n\n

Domain Controller “Ruian-ADDS-01.ruianding.com” respond the with the TGT to the client machine 192.168.2.55″.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

3. KRB_TGS_REQ:<\/strong><\/h4>\n\n\n\n

The client requests a service ticket<\/strong> for a specific server (let\u2019s call this server \u201cService\u201d). It sends the TGT (which it can’t decrypt) and an authenticator (which includes the client’s ID and a timestamp), encrypted with the TGTSessionKey.<\/strong><\/p>\n\n\n\n

The client machine with the IP address “192.168.2.55” initiates an TGS Request to the Domain Controller named “Ruian-ADDS-01.ruianding.com.”<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

4. KRB_TGS_REP:<\/strong><\/h4>\n\n\n\n

The KDC decrypts the TGT with its KDCSecretKey and the authenticator with the TGTSessionKey. It sends back a service ticket (encrypted with the Service\u2019s secret key, ServiceKey)<\/strong> and a service session key (ServiceSessionKey), encrypted with the TGTSessionKey<\/strong>.<\/p>\n\n\n\n

Domain Controller “Ruian-ADDS-01.ruianding.com” respond the with the TGS Response to the client machine “192.168.2.55”.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

5. KRB_AP_REQ:<\/strong><\/h4>\n\n\n\n

The client sends the service ticket (which it cannot decrypt) and a new authenticator, which includes the client’s ID and timestamp<\/strong>, encrypted with the ServiceSessionKey, to the Service.<\/p>\n\n\n\n

6. KRB_AP_REP:<\/strong><\/h4>\n\n\n\n

The Service decrypts the ticket with ServiceKey to obtain the ServiceSessionKey, then uses this key to decrypt the authenticator. If the information matches and is timely, the Service grants access.<\/p>\n\n\n\n

\n\n\n\n

References:<\/strong><\/p>\n\n\n\n

https:\/\/www.varonis.com\/blog\/kerberos-authentication-explained<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Kerberos Concepts Kerberos authentication protocol operates primarily at the Application Layer(Layer 7) of the OSI. Kerberos aims to enable two parties to exchange private information securely over an insecure network. It was developed in the mid-1980s as part of MIT’s Project Athena. The protocol is named after the mythological three-headed dog Kerberos (or Cerberus), the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[49],"tags":[],"class_list":["post-1176","post","type-post","status-publish","format-standard","hentry","category-protocols"],"yoast_head":"\nAuthentication Protocols - Kerberos - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Authentication Protocols - Kerberos - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"Kerberos Concepts Kerberos authentication protocol operates primarily at the Application Layer(Layer 7) of the OSI. Kerberos aims to enable two parties to exchange private information securely over an insecure network. It was developed in the mid-1980s as part of MIT’s Project Athena. The protocol is named after the mythological three-headed dog Kerberos (or Cerberus), the […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-21T00:39:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-07T14:48:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1180\" \/>\n\t<meta property=\"og:image:height\" content=\"744\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"Authentication Protocols – Kerberos\",\"datePublished\":\"2023-11-21T00:39:22+00:00\",\"dateModified\":\"2023-12-07T14:48:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\"},\"wordCount\":726,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png\",\"articleSection\":[\"Protocols\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\",\"name\":\"Authentication Protocols - Kerberos - \u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png\",\"datePublished\":\"2023-11-21T00:39:22+00:00\",\"dateModified\":\"2023-12-07T14:48:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png\",\"width\":1180,\"height\":744},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Authentication Protocols – Kerberos\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Authentication Protocols - Kerberos - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/","og_locale":"en_US","og_type":"article","og_title":"Authentication Protocols - Kerberos - \u6781\u7b80IT\uff5cSimpleIT","og_description":"Kerberos Concepts Kerberos authentication protocol operates primarily at the Application Layer(Layer 7) of the OSI. Kerberos aims to enable two parties to exchange private information securely over an insecure network. It was developed in the mid-1980s as part of MIT’s Project Athena. The protocol is named after the mythological three-headed dog Kerberos (or Cerberus), the […]","og_url":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2023-11-21T00:39:22+00:00","article_modified_time":"2023-12-07T14:48:56+00:00","og_image":[{"width":1180,"height":744,"url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png","type":"image\/png"}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"Authentication Protocols – Kerberos","datePublished":"2023-11-21T00:39:22+00:00","dateModified":"2023-12-07T14:48:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/"},"wordCount":726,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png","articleSection":["Protocols"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/","url":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/","name":"Authentication Protocols - Kerberos - \u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png","datePublished":"2023-11-21T00:39:22+00:00","dateModified":"2023-12-07T14:48:56+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#primaryimage","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/11\/image-25.png","width":1180,"height":744},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/popular-authentication-protocols-kerberos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Authentication Protocols – Kerberos"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/1176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=1176"}],"version-history":[{"count":14,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/1176\/revisions"}],"predecessor-version":[{"id":1423,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/1176\/revisions\/1423"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=1176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=1176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=1176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}