Kerberos is a network authentication protocol that provides strong authentication for client/server applications using secret-key (symmetric) cryptography. Authentication is based on tickets that serve as credentials: a client can prove its identity to a server, and the two can protect their subsequent communication, even when every message crosses an untrusted network.
Kerberos was initially developed by the Massachusetts Institute of Technology (MIT) for Project Athena in the 1980s. The protocol gets its name from the three-headed dog (Kerberos, or Cerberus) that guarded the gates of Hades in Greek mythology.
The three heads of the Kerberos protocol represent a Client, a Server, and a Key Distribution Center (KDC), which acts as Kerberos' trusted third-party authentication service.
The main components of KDC are:
- Authentication Server (AS): The Authentication Server performs the initial authentication and issues ticket-granting tickets (TGT) for users.
- Ticket Granting Server (TGS): Issues service tickets that are based on the initial ticket-granting tickets (TGT).
How does Kerberos work?
Kerberos derives the client's long-term key from the user's password (the "string-to-key" function); the password itself is never sent over the network. When the client asks the Authentication Server for a ticket-granting ticket (TGT), the AS replies with two pieces: the TGT, encrypted under a key that only the KDC holds, and a freshly generated session key, encrypted under the client's password-derived key. Only a client that knows the password can recover the session key, and that is what authenticates it. There is no "secure connection" in the TLS sense; each exchange is a pair of messages whose sensitive parts are encrypted under the appropriate key. The client then presents the TGT, together with an authenticator encrypted under the session key, to the Ticket Granting Server to obtain service tickets for the protected services it wants to use. Because the first step rests entirely on a password-derived key, the strength of that password matters, which is why KDCs normally require pre-authentication before returning the encrypted reply.
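The three exchanges described above (client to AS, client to TGS, client to application server), as an added simulation that is not code from the original page or from any Kerberos implementation. Principal names, the realm EXAMPLE.COM, the passwords and the ticket lifetimes are made up for the example. The string-to-key step is the PBKDF2 stage of the AES enctypes described in RFC 3962 (salt = realm + principal name, 4096 iterations); the final AES-based key derivation of that RFC is omitted. The cipher is a toy encrypt-then-MAC construction built from HMAC-SHA256 so the example runs with only the Python standard library; real Kerberos uses AES-CTS with HMAC-SHA1 or HMAC-SHA384. The message field names (cname, sname, sk, exp) are simplified stand-ins for the ASN.1 structures of RFC 4120.

```python
"""Simulation of the Kerberos AS, TGS and AP exchanges (added example, not real Kerberos code)."""
import hashlib
import hmac
import json
import os
import time

# --- Toy authenticated encryption, standing in for Kerberos' AES-CTS-HMAC enctypes ---
def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: HMAC(enc_key, nonce || counter) blocks, truncated to length.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _subkeys(key):
    # Separate keys for confidentiality and integrity, derived from one long-term or session key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def encrypt(key, obj):
    ek, mk = _subkeys(key)
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    tag = hmac.new(mk, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        # A wrong key (e.g. a wrong password) or a tampered ticket fails here, before decryption.
        raise ValueError("integrity check failed: wrong key or tampered ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct)))))

# --- String-to-key: PBKDF2 stage of RFC 3962 (AES enctypes); the final DK/AES step is omitted ---
def string_to_key(password, realm, principal, iterations=4096):
    salt = (realm + principal).encode()  # RFC 3962 default salt: realm followed by principal name
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, 32)

LIFETIME = 10 * 3600  # hypothetical ticket lifetime in seconds

class KDC:
    """Holds long-term keys for every principal; the AS and TGS roles share this store."""
    def __init__(self, realm):
        self.realm = realm
        self.tgs_name = "krbtgt/" + realm
        self.keys = {self.tgs_name: os.urandom(32)}  # the krbtgt key encrypts every TGT

    def register(self, principal, password):
        self.keys[principal] = string_to_key(password, self.realm, principal)

    def as_exchange(self, cname):
        """AS-REQ/AS-REP. Without pre-authentication this reply goes to anyone naming cname;
        the session key's secrecy then rests only on the strength of cname's password."""
        sk = os.urandom(32)  # fresh TGT session key, shared by client and TGS
        tgt = encrypt(self.keys[self.tgs_name], {"cname": cname, "sk": sk.hex(), "exp": time.time() + LIFETIME})
        enc_part = encrypt(self.keys[cname], {"sk": sk.hex(), "sname": self.tgs_name})
        return tgt, enc_part

    def tgs_exchange(self, tgt, authenticator, sname):
        """TGS-REQ/TGS-REP: open the TGT with the krbtgt key, check the authenticator, issue a service ticket."""
        t = decrypt(self.keys[self.tgs_name], tgt)
        sk = bytes.fromhex(t["sk"])
        auth = decrypt(sk, authenticator)  # only a holder of the TGT session key can build this
        if auth["cname"] != t["cname"] or time.time() > t["exp"]:
            raise PermissionError("authenticator does not match ticket, or ticket expired")
        ssk = os.urandom(32)  # fresh session key for client <-> service
        ticket = encrypt(self.keys[sname], {"cname": t["cname"], "sk": ssk.hex(), "exp": time.time() + LIFETIME})
        enc_part = encrypt(sk, {"sk": ssk.hex(), "sname": sname})
        return ticket, enc_part

def client_login(kdc, cname, password):
    # The client never sends the password; it only needs it to open enc_part locally.
    tgt, enc_part = kdc.as_exchange(cname)
    sk = bytes.fromhex(decrypt(string_to_key(password, kdc.realm, cname), enc_part)["sk"])
    return tgt, sk  # the TGT stays opaque to the client

def client_get_service_ticket(kdc, cname, tgt, sk, sname):
    authenticator = encrypt(sk, {"cname": cname, "ts": time.time()})
    ticket, enc_part = kdc.tgs_exchange(tgt, authenticator, sname)
    return ticket, bytes.fromhex(decrypt(sk, enc_part)["sk"])

def service_accept(service_key, ticket, authenticator):
    """AP-REQ: the service never talks to the KDC; its own long-term key (keytab) opens the ticket."""
    t = decrypt(service_key, ticket)
    auth = decrypt(bytes.fromhex(t["sk"]), authenticator)
    if auth["cname"] != t["cname"] or time.time() > t["exp"]:
        raise PermissionError("authenticator does not match ticket, or ticket expired")
    return t["cname"]  # authenticated client principal

def demo(password="correct-horse", attempt="correct-horse"):
    """Full login for a made-up realm; returns the principal the service authenticated."""
    kdc = KDC("EXAMPLE.COM")
    kdc.register("alice", password)
    kdc.register("host/fileserver.example.com", "made-up-service-secret")
    tgt, sk = client_login(kdc, "alice", attempt)  # raises ValueError if attempt is wrong
    ticket, ssk = client_get_service_ticket(kdc, "alice", tgt, sk, "host/fileserver.example.com")
    authenticator = encrypt(ssk, {"cname": "alice", "ts": time.time()})
    return service_accept(kdc.keys["host/fileserver.example.com"], ticket, authenticator)

if __name__ == "__main__":
    print("service authenticated:", demo())
```

Two things worth noticing when running it: a wrong password fails at the client, inside `decrypt` of the AS reply, not at the KDC, because the KDC never sees the password; and the application server authenticates the client with nothing but its own key and the ticket, which is why a compromised service key lets an attacker forge tickets for that service.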