Welcome to Bucaro TecHelp!

Bucaro TecHelp
Maintain Your Computer and Use it More Effectively
to Design a Web Site and Make Money on the Web

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Kerberos Authentication Protocol

Kerberos is an authentication protocol developed by MIT (Massachusetts Institute of Technology), which allows computers communicating over a non-secure network to prove their identity to one another. It uses the symmetric Needham-Schroeder protocol. Kerberos provides mutual authentication; both the clent and the server verify each other's identity.

Kerberos is a suite of free software . It uses symmetric key cryptography which requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication. Kerberos uses port 88 by default. Windows 2000 and later use Kerberos as their default authentication method.

Kerberos uses a trusted third party, called a key distribution center (KDC), which consists of two parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). It uses "tickets" which serve to prove the identity of users.

The KDC maintains a database of secret keys; client or server on the network shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication between two computers, the KDC generates a session key which they can use to secure their interactions.

The security of the protocol relies heavily on participants maintaining loosely synchronized time and on short-lived assertions of authenticity called Kerberos tickets.

How Kerberos Works

Client authenticates itself to the AS

1. The client authenticates itself to the Authentication Server.

Client receives a time-stamped ticket

2. The client receives a time-stamped ticket from the Authentication Server.

The client uses the ticket to demonstrates its identity and ask for a service.

3. The client contacts the Ticket Granting Server (TGS), and using the ticket it demonstrates its identity and asks for a service.

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2018 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268