Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Kerberos is a network protocol that uses secret-key cryptography to authenticate client-server applications. Kerberos requests an encrypted ticket via an authenticated server sequence to use services.
The protocol gets its name from the three-headed dog (Kerberos, or Cerberus) that guarded the gates of Hades in Greek mythology.
Kerberos was developed by Project Athena - a joint project between the Massachusetts Institute of Technology (MIT), Digital Equipment Corporation and IBM that ran between 1983 and 1991.
An authentication server uses a Kerberos ticket to grant server access and then creates a session key based on the requester’s password and another randomized value. The ticket-granting ticket (TGT) is sent to the ticket-granting server (TGS), which is required to use the same authentication server.
The requester receives an encrypted TGS key with a time stamp and service ticket, which is returned to the requester and decrypted. The requester sends the TGS this information and forwards the encrypted key to the server to obtain the desired service. If all actions are handled correctly, the server accepts the ticket and performs the desired user service, which must decrypt the key, verify the timestamp and contact the distribution center to obtain session keys. This session key is sent to the requester, which decrypts the ticket.
If the keys and timestamp are valid, client-server communication continues. The TGS ticket is time stamped, which allows concurrent requests within the allotted time frame.