Network Protocols Glossary
What is a network protocol? Protocols are the rules of the road for how data exists and moves on the network. They allow many different systems and computers to communicate.
Kerberos Protocol
What is Kerberos Protocol?
Kerberos is one of the oldest authentication protocols in existence and it has been heavily used by Microsoft for authentication purposes for decades. Developed at MIT in the 1980's, it became an IETF Standard in 1993. Kerberos, so named as a reference to the three-headed dog from ancient Greek mythology, uses a three way authentication mechanism that inserts a trusted third party called the Key Distribution Center (KDC) into the authentication process. This KDC breaks down into two logical services called the Authentication Server (AS) and the Ticket Granting Server (TGS). The fundamental concept is to eliminate the need to send passwords over the network; instead a hash of the user's password is sent and checked on both sides of the connection.
What is the purpose of Kerberos
While it is derived from symmetric key algorithms which use the same key for encryption as for decryption, Kerberos is capable of both symmetric and asymmetric cryptography.
Authentication is a complex process, but here is a simplified rundown:
- 1. Client enters login information.
- 2. The Kerberos client creates an encryption key and sends a message to the authentication server (AS).
- 3. The AS uses this key to create a temporary session key and sends a message to the ticket granting service (TGS).
- 4. TGS grants the client a ticket and server session key.
- 5. Client uses these to authenticate with the server and get access.