HP UX Kerberos Data Security Software manual 25

Overview

How The Kerberos Server Works

How The Kerberos Server Works

The term “Kerberos” was derived from Greek mythology. “Cerberus” is the latin variant of Kerberos who guarded the entrance of Hades, the Greek hell. The Kerberos security system, on the other hand, guards electronic transmissions that are sent across the network.

Kerberos is a mature network authentication protocol based on the RFC 1510 specification of the IETF. It is designed to provide strong authentication for client or server applications by using the shared secret-key cryptography.

The Kerberos Server is based on a distributed client-server architecture. It ensures secure communication in a networked environment by leveraging individual trust relationships. It then brokers that trust across enterprise-wide, distributed client-server networks.

The basic currency of Kerberos is the ticket, which the user presents in order to use a specific service. Each service, be it a login service or an FTP service, requires a different kind of ticket. Fortunately, the Kerberized applications keep track of all the various kinds of tickets, so you don’t have to.

When you first log on to Kerberos each day, you enter your Kerberos password. In return, the Kerberos server gives you an initial ticket, which you use to request for additional tickets from the Kerberos server for all the other services. For this reason, the initial ticket is also often called the ticket-granting-ticket, or TGT.

The communication between the client and server is secured by using the Kerberos protocol. Thus, client programs make authentication requests to an authentication server, and server programs in-turn service those client requests. Based on a user’s credentials the server program grants or denies a user’s request to access network applications and services. The Kerberos Server allows entities to authenticate themselves, without having to transmit their passwords in clear text form, over the networks.