Definition
Kerberos is a network authentication protocol that provides secure authentication for users to access network resources, like printers and files.
It uses encryption to protect users’ credentials and prevent unauthorized network access. Organizations widely use this protocol for network access control and authentication.
How Kerberos Works
- A user signs in with their credentials into a Kerberos-protected network.
- The user’s computer transmits a request to the Kerberos authentication server.
- After verifying the user’s credentials, the Kerberos authentication server issues a ticket-granting ticket (TGT), which is encrypted with a secret key shared only by the user’s computer and the authentication server.
- The user’s computer receives the TGT and stores it securely. When the user later wants to access a resource, the device presents the TGT and requests a service ticket from the Kerberos authentication server.
- The server issues a service ticket (encrypted with the service key) after verifying the TGT.
- The user’s device receives the service ticket and sends it to the resource server when requesting access to the network resource.
- The resource server decrypts the ticket with its service key and, if the ticket is valid, allows the user to access the resource.
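The seven steps above as a runnable three-party model, added here as an example rather than code from the original page. It makes explicit two details the list glosses over: the TGT itself is sealed with the KDC's own key, so the client carries it but cannot read it, and each session key reaches the client encrypted under its password-derived key; the toy encryption routine, the principal names and the keys are all constructed stand-ins, not the real Kerberos wire format.

```python
import hashlib, hmac, json, secrets, time

# Toy authenticated encryption standing in for Kerberos' AES encryption types (assumption:
# an educational stand-in, not the real wire format). Keystream = HMAC-SHA256(key, nonce||i);
# a trailing HMAC tag makes decryption under the wrong key, or of a tampered ticket, fail.
def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(n // 32 + 1))

def encrypt(key: bytes, obj: dict) -> bytes:
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(pw: str) -> bytes:  # stand-in for Kerberos' string-to-key step
    return hashlib.sha256(pw.encode()).digest()
# Long-term keys known to the KDC (constructed). The KDC's own "krbtgt" key seals TGTs;
# each service's key seals that service's tickets and is shared only with that service.
KDC_KEYS = {"alice": key_from_password("correct horse"), "krbtgt": secrets.token_bytes(32),
            "fileserver": secrets.token_bytes(32), "printer": secrets.token_bytes(32)}

def as_exchange(user):  # steps 2-3: AS reply = {session key}_userkey + TGT sealed for the KDC
    skey = secrets.token_bytes(32).hex()
    tgt = encrypt(KDC_KEYS["krbtgt"], {"user": user, "skey": skey, "exp": time.time() + 600})
    return encrypt(KDC_KEYS[user], {"skey": skey}), tgt

def tgs_exchange(tgt, service):  # step 5: TGS verifies the TGT, issues a service ticket
    inner = decrypt(KDC_KEYS["krbtgt"], tgt)          # only the KDC can open the TGT
    if inner["exp"] < time.time():
        raise ValueError("TGT expired")
    svc_skey = secrets.token_bytes(32).hex()
    ticket = encrypt(KDC_KEYS[service], {"user": inner["user"], "skey": svc_skey})
    return encrypt(bytes.fromhex(inner["skey"]), {"skey": svc_skey}), ticket

def service_accepts(service, ticket):  # step 7: server opens the ticket with its own key
    return decrypt(KDC_KEYS[service], ticket)["user"]  # wrong service -> ValueError

def client_session(user, password, service):  # steps 1-7 from the client's point of view
    enc_part, tgt = as_exchange(user)
    tgt_skey = bytes.fromhex(decrypt(key_from_password(password), enc_part)["skey"])
    enc_part2, ticket = tgs_exchange(tgt, service)
    decrypt(tgt_skey, enc_part2)      # client now holds the service session key
    return service_accepts(service, ticket)
```

A wrong password fails at the very first decryption, and a ticket issued for the file server is rejected by the printer because it was sealed under a different service key.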
Kerberos History
- Massachusetts Institute of Technology (MIT) developed Kerberos for Project Athena in 1988.
- The original goal was to create a distributed computing environment enabling MIT students to access resources and systems anywhere on campus.
- The name ‘Kerberos’ comes from Greek mythology: Kerberos was the three-headed dog that guarded the gates of Hades.
- The three heads represent the client/principal, network resource, and the key distribution center (KDC).
Kerberos Limitations
- It doesn’t operate well in a timeshare environment.
- Each network must be customized for compatibility with Kerberos.
- All passwords are encrypted with a single key.