Kerberos Authentication Protocol
By Stephen Bucaro
Kerberos is an authentication protocol developed by MIT (Massachusetts Institute
of Technology), which allows computers communicating over a non-secure network to
prove their identity to one another. It uses the symmetric Needham-Schroeder protocol.
Kerberos provides mutual authentication; both the client and the server verify each
Kerberos is a suite of free software. It uses symmetric key cryptography, which
requires a trusted third party, and optionally may use public-key cryptography during
certain phases of authentication. Kerberos uses port 88 by default. Windows 2000
and later use Kerberos as their default authentication method.
Kerberos uses a trusted third party, called a key distribution center (KDC), which
consists of two parts: an Authentication Server (AS) and a Ticket Granting Server (TGS).
It uses "tickets" which serve to prove the identity of users.
The KDC maintains a database of secret keys; each client or server on the network shares
a secret key known only to itself and to the KDC. Knowledge of this key serves to
prove an entity's identity. For communication between two computers, the KDC generates
a session key which they can use to secure their interactions.
The security of the protocol relies heavily on participants maintaining loosely
synchronized time and on short-lived assertions of authenticity called Kerberos tickets.
How Kerberos Works
1. The client authenticates itself to the Authentication Server.
2. The client receives a time-stamped ticket from the Authentication Server.
3. The client contacts the Ticket Granting Server (TGS), and using the ticket it demonstrates its identity and asks for a service.
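As an added example (not from the article or any Kerberos implementation), the following Python model walks through the three steps above: the client obtains a time-stamped ticket from the AS, then presents it to the TGS together with an authenticator, and the TGS enforces the ticket lifetime and the loose clock synchronization the article mentions. The principals, keys, 600-second lifetime and 300-second skew limit are constructed values, and seal/unseal is a toy stand-in for a real Kerberos encryption type.

```python
import hashlib, hmac, json, os, time

def seal(key, msg):
    """Toy authenticated encryption (SHA-256 keystream XOR + HMAC tag); NOT a real Kerberos enctype."""
    pt, nonce = json.dumps(msg).encode(), os.urandom(16)
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("integrity check failed")
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# KDC database (constructed): each principal's long-term key is known only to it and the KDC.
KDC_KEYS = {"alice@EXAMPLE": os.urandom(32), "krbtgt@EXAMPLE": os.urandom(32)}
LIFETIME, MAX_SKEW = 600, 300   # ticket lifetime and tolerated clock skew, in seconds (assumed)

def as_exchange(client, now):
    """AS exchange: the ticket is sealed under the TGS key, the session key under the client's key."""
    session, end = os.urandom(32), now + LIFETIME
    ticket = seal(KDC_KEYS["krbtgt@EXAMPLE"], {"client": client, "key": session.hex(), "end": end})
    reply = seal(KDC_KEYS[client], {"key": session.hex(), "end": end})
    return ticket, reply

def tgs_verify(ticket, authenticator, now):
    """TGS side: open the ticket with its own key, then check the client's time-stamped authenticator."""
    t = unseal(KDC_KEYS["krbtgt@EXAMPLE"], ticket)
    if now > t["end"]:
        raise PermissionError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)   # only a holder of the session key can build this
    if a["client"] != t["client"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - a["ts"]) > MAX_SKEW:
        raise PermissionError("clock skew too large, authenticator rejected")
    return t["client"]

def client_flow(now, skew=0.0):
    """Steps 1-3 from the article for alice; `skew` models the client's clock drift versus the KDC."""
    ticket, reply = as_exchange("alice@EXAMPLE", now)
    session = bytes.fromhex(unseal(KDC_KEYS["alice@EXAMPLE"], reply)["key"])
    authenticator = seal(session, {"client": "alice@EXAMPLE", "ts": now + skew})
    return tgs_verify(ticket, authenticator, now)

if __name__ == "__main__":
    print(client_flow(time.time()))   # prints alice@EXAMPLE
```

Note that the client never sees the TGS key and the TGS never sees the client's long-term key; the session key inside the ticket is what ties the two exchanges together, and a drifted clock or an expired ticket is rejected before any service is granted.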