What is Kerberos and how does it work?
Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. It uses secret-key cryptography and a trusted third party for authenticating client-server applications and verifying users’ identities.
Kerberos was developed for Project Athena at the Massachusetts Institute of Technology (MIT).
The three heads of the Kerberos protocol represent the following:
- the client or principal;
- the network resource, which is the application server that provides access to the network resource; and
- a key distribution center (KDC), which acts as Kerberos’ trusted third-party authentication service.
Users, systems and services using Kerberos need only trust the KDC. It runs as a single process and provides two services: an authentication service and a ticket granting service (TGS).
What does a Kerberos authentication?
Kerberos authentication protects user credentials from hackers. This protocol keeps passwords away from insecure networks at all times, even during user verification. Read on to learn what Kerberos authentication is and how it protects both end-users and systems.
The main components of Kerberos are:
- Authentication Server (AS):
The Authentication Server performs the initial authentication and ticket for Ticket Granting Service.
The Authentication Server verifies the access rights of users in the database.
- Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server
What is Kerberos Used For?
Although Kerberos can be found everywhere in the digital world, it is commonly used in secure systems that rely on robust authentication and auditing capabilities. Kerberos is used for Posix, Active Directory, NFS, and Samba authentication. It is also an alternative authentication system to SSH, POP, and SMTP.