What is Kerberos?
Say you want to access an insecure network, but don't want your password shared across it. You could use Kerberos, a network authentication protocol developed by MIT, to verify your identity without exposing login information.
Named after the guard dog of Hades, Kerberos uses mutual authentication, requiring both the user and server to prove their identities.
How does Kerberos work?
Kerberos is built on symmetric-key cryptography, which uses the same key for encryption and decryption, but it is capable of both symmetric and asymmetric cryptography.
Authentication is a complex process, but here is a simplified rundown:
- The client enters login information.
- The Kerberos client creates an encryption key and sends a message to the authentication server (AS).
- The AS uses this key to create a temporary session key and sends a message to the ticket granting service (TGS).
- The TGS grants the client a ticket and a server session key.
- The client uses these to authenticate with the server and get access.
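
The flow above as a runnable Python sketch, added here and not part of the original page; it follows the usual AS, TGS and service exchanges in more detail than the rundown, with each reply going back to the client. The principal names, password, realm, and the HMAC-based `seal`/`unseal` cipher are constructed stand-ins, not real Kerberos encryption types or message formats.

```python
import hashlib, hmac, json, os, time

def kdf(password, salt):  # long-term key; the password itself never crosses the network
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 50_000)

def _ks(key, nonce, n):  # HMAC-SHA256 in counter mode as a keystream
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(n // 32 + 1))

def seal(key, obj):  # toy authenticated encryption, a stand-in for real Kerberos enctypes
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def accept(long_term_key, ticket, authenticator, now, skew=300):
    """What the TGS and the service both do: open the ticket, then check the authenticator."""
    t = unseal(long_term_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or abs(a["ts"] - now) > skew or t["exp"] < now:
        raise ValueError("authenticator rejected")
    return t, a

def run_exchange(typed_password, now=None):
    now = now or int(time.time())
    salt = "EXAMPLE.COMalice"  # constructed realm and principal
    kdc = {"alice": kdf("correct horse", salt), "krbtgt": os.urandom(32), "http/web": os.urandom(32)}
    # 1. AS: session key sealed under alice's key; TGT sealed under the TGS key.
    k1 = os.urandom(32).hex()
    as_rep = seal(kdc["alice"], {"key": k1})
    tgt = seal(kdc["krbtgt"], {"client": "alice", "key": k1, "exp": now + 600})
    # 2. Client: only the key derived from the right password opens the AS reply.
    k_tgs = bytes.fromhex(unseal(kdf(typed_password, salt), as_rep)["key"])
    # 3. TGS: validates TGT + authenticator, issues a service ticket and a new session key.
    t, _ = accept(kdc["krbtgt"], tgt, seal(k_tgs, {"client": "alice", "ts": now}), now)
    k2 = os.urandom(32).hex()
    tgs_rep = seal(bytes.fromhex(t["key"]), {"key": k2})
    svc_ticket = seal(kdc["http/web"], {"client": t["client"], "key": k2, "exp": now + 300})
    # 4. Service: validates ticket + authenticator, proves itself by returning ts + 1.
    k_svc = bytes.fromhex(unseal(k_tgs, tgs_rep)["key"])
    t2, a2 = accept(kdc["http/web"], svc_ticket, seal(k_svc, {"client": "alice", "ts": now}), now)
    ap_rep = seal(bytes.fromhex(t2["key"]), {"ts": a2["ts"] + 1})
    # 5. Client: mutual authentication succeeds only if the service knew the session key.
    return unseal(k_svc, ap_rep)["ts"] == now + 1
```

`run_exchange("correct horse")` returns `True`; any other password raises `ValueError` at step 2, because the client cannot open the AS reply without the right key.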