Authentication with Kerberos


Kerberos is a protocol that enables secure authentication over an insecure network. It allows clients and servers on a network to authenticate themselves to each other: the server knows that the client user is genuine, and the client knows that the server is genuine. Authentication takes place against a central server, the “Key Distribution Center” (KDC), which consists of two logical components: an “Authentication Server” (AS) and a “Ticket Granting Server” (TGS). Kerberos uses tickets as a client's proof of a successful authentication. When a client wants to use a new service, it sends its ticket instead of performing a new authentication. The KDC has a database of all system users and their passwords.

Authentication with Kerberos proceeds as follows:

Source: RFC 4120
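
The three exchanges described above (client to AS, client to TGS, client to service), modelled as an added example that is not taken from the original page or from RFC 4120. Assumptions: `seal`/`unseal` are a stand-in for a real Kerberos encryption type, the user key is a plain SHA-256 of the password, all function names, the user `alice` and the service `http/web` are hypothetical, and timestamps, lifetimes, realms and replay protection are omitted.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    """Stand-in for a Kerberos encryption type (assumption): SHAKE-256 keystream + HMAC tag."""
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

USERS = {"alice": hashlib.sha256(b"correct horse").digest()}  # KDC database (constructed sample)
SERVICES = {"http/web": os.urandom(32)}   # key known only to the KDC and that service
TGS_KEY = os.urandom(32)                  # key shared by the AS and TGS inside the KDC

def as_exchange(user):
    """AS: return a session key sealed under the user's key, plus a TGT sealed for the TGS."""
    k = os.urandom(32).hex()
    return seal(USERS[user], {"key": k}), seal(TGS_KEY, {"client": user, "key": k})

def open_ticket(key, ticket, authenticator):
    """Unseal a ticket, then check the authenticator was sealed with the ticket's session key."""
    t = unseal(key, ticket)
    session = bytes.fromhex(t["key"])
    if unseal(session, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"], session

def tgs_exchange(tgt, authenticator, service):
    """TGS: accept the TGT instead of a password and issue a ticket for one service."""
    client, k1 = open_ticket(TGS_KEY, tgt, authenticator)
    k = os.urandom(32).hex()
    return seal(k1, {"key": k}), seal(SERVICES[service], {"client": client, "key": k})

def service_accept(service, ticket, authenticator):
    """Service: learn who the client is and answer under the session key from the ticket."""
    client, k2 = open_ticket(SERVICES[service], ticket, authenticator)
    return client, seal(k2, {"server": service})

def login(user, password, service):
    """Client side of all three exchanges: (identity the service saw, server proved itself)."""
    enc, tgt = as_exchange(user)
    k1 = bytes.fromhex(unseal(hashlib.sha256(password.encode()).digest(), enc)["key"])
    enc2, ticket = tgs_exchange(tgt, seal(k1, {"client": user}), service)
    k2 = bytes.fromhex(unseal(k1, enc2)["key"])
    seen, reply = service_accept(service, ticket, seal(k2, {"client": user}))
    return seen, unseal(k2, reply)["server"] == service
```

The password is used only to unseal the AS reply; the TGS and the service see tickets and authenticators, never the password.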