Overview

Kerberos Overview

Kerberos Overview

Kerberos is a mature network authentication protocol based on the RFC 1510 specification of the IETF. It is designed to provide strong authentication for client or server applications by using the shared secret-key cryptography.

The basic currency of Kerberos is the ticket, which the user presents in order to use a specific service. Each service, be it a login service or an FTP service, requires a different kind of ticket. Fortunately, the Kerberized applications keep track of all the various kinds of tickets, so you don’t have to.

You must authenticate yourself to the server by providing your user name and password. In return, the Kerberos server gives you an initial ticket, which you use to request for additional tickets from the Kerberos server for all the other services. For this reason, the initial ticket is also often called the Ticket Granting Ticket (TGT).

Use the Kerberos protocol to secure the communication between the client and server. Thus, client programs make authentication requests to an authentication server, and server programs in turn service those client requests. Based on your user credentials, the server program grants or denies your request to access network applications and services. The Kerberos server allows entities to authenticate themselves, without having to transmit their passwords in clear text form over the network.

Chapter 1

23