

Kerberos is an authentication mechanism developed by the Massachusetts Institute of Technology (MIT) for MIT's Athena project. Its cryptography was initially purely symmetric, but it was later extended with asymmetric encryption for the initial authentication step. In addition to encrypting secret data, Kerberos protects both the key and the data against eavesdropping and tampering; for this purpose the information is encrypted with the DES algorithm.

Kerberos has established itself as the standard protocol for single sign-on (SSO) in Unix and Windows networks. A user authenticates once with the central Key Distribution Center (KDC); all further authentication to other services is then performed automatically, without any interaction on the part of the user.

Figure: Kerberos architecture

The Kerberos architecture defines the Key Distribution Center (KDC), which handles key generation and key management for a Kerberos session. The KDC consists of the Authentication Server (AS) and the Ticket Granting Server (TGS).

Figure: Kerberos terminology

The Kerberos client sends the login request to the Authentication Server, which derives the key from the user's password and returns the Ticket Granting Ticket (TGT) together with the session key to the client. The client converts the password into a DES key and uses it to decrypt the Ticket Granting Ticket. To use a Kerberos service such as the POP protocol, the client also needs a Service Ticket (ST), which it obtains from the Ticket Granting Server on request by presenting the Ticket Granting Ticket and the session key. Once this authentication has succeeded, the client is connected to the server for a session.
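The exchange described above, as an added example that is not part of the original entry and not MIT Kerberos code: a single Python process plays the client, the KDC (Authentication Server and Ticket Granting Server) and two services, so that the three message pairs (AS reply, TGS reply, service authentication) can be run and inspected offline. The cryptography is an assumption made for a self-contained script: PBKDF2 stands in for the Kerberos string-to-key step, and an HMAC-SHA256 keystream with a MAC tag stands in for DES. The realm EXAMPLE.TEST, the principals alice, pop/mail and imap/mail and their passwords are constructed.

```python
# Added example, not MIT Kerberos code: one-process model of the AS/TGS/service exchange.
# Assumed stand-ins: PBKDF2 for the Kerberos string-to-key step, HMAC-SHA256 keystream + MAC for DES.
import hashlib
import hmac
import json
import secrets
import time

def string_to_key(password: str, principal: str) -> bytes:
    # Long-term key derived from the password; the realm name is constructed.
    salt = ("EXAMPLE.TEST" + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, 32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))

def seal(key: bytes, fields: dict) -> bytes:
    # Toy authenticated encryption: nonce || (plaintext XOR keystream) || MAC tag.
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    cipher = bytes(p ^ s for p, s in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + cipher + hmac.new(key, nonce + cipher, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + cipher, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")  # a wrong password ends up here
    return json.loads(bytes(c ^ s for c, s in zip(cipher, _keystream(key, nonce, len(cipher)))))

class KDC:  # Key Distribution Center: Authentication Server (AS) plus Ticket Granting Server (TGS)
    def __init__(self) -> None:
        self.keys = {}                          # principal name -> long-term key
        self.tgs_key = secrets.token_bytes(32)  # the TGS's own key, never leaves the KDC

    def register(self, principal: str, password: str) -> None:
        self.keys[principal] = string_to_key(password, principal)

    def as_exchange(self, client: str) -> bytes:
        # AS reply: session key plus TGT, sealed with the client's long-term key, so only
        # the holder of the password can recover the session key and use the TGT.
        session = secrets.token_bytes(32).hex()
        tgt = seal(self.tgs_key, {"client": client, "session": session, "exp": time.time() + 600})
        return seal(self.keys[client], {"session": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> bytes:
        # TGS reply: check the TGT and the authenticator, then issue a Service Ticket (ST).
        body = unseal(self.tgs_key, tgt)
        if body["exp"] < time.time():
            raise ValueError("TGT expired")
        session = bytes.fromhex(body["session"])
        if unseal(session, authenticator)["client"] != body["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = secrets.token_bytes(32).hex()
        st = seal(self.keys[service], {"client": body["client"], "session": svc_session})
        return seal(session, {"session": svc_session, "st": st.hex()})

def client_login(kdc: KDC, user: str, password: str) -> dict:
    # The only interactive step: derive the key from the password and open the AS reply.
    rep = unseal(string_to_key(password, user), kdc.as_exchange(user))
    return {"user": user, "session": bytes.fromhex(rep["session"]), "tgt": bytes.fromhex(rep["tgt"])}

def client_service_ticket(kdc: KDC, creds: dict, service: str) -> tuple:
    # No password needed any more: TGT plus a fresh authenticator suffice (single sign-on).
    authenticator = seal(creds["session"], {"client": creds["user"], "ts": time.time()})
    rep = unseal(creds["session"], kdc.tgs_exchange(creds["tgt"], authenticator, service))
    return bytes.fromhex(rep["st"]), bytes.fromhex(rep["session"])

def service_accept(service_key: bytes, st: bytes, authenticator: bytes) -> str:
    # The service opens the ST with its own long-term key and checks the authenticator
    # against the client name and a time window; it never has to contact the KDC.
    body = unseal(service_key, st)
    auth = unseal(bytes.fromhex(body["session"]), authenticator)
    if auth["client"] != body["client"] or abs(time.time() - auth["ts"]) > 300:
        raise ValueError("authenticator rejected")
    return body["client"]

def demo(password: str = "correct horse") -> dict:
    # Constructed principals: one login, then tickets for two services without re-entering the password.
    kdc = KDC()
    kdc.register("alice", "correct horse")
    for svc in ("pop/mail", "imap/mail"):
        kdc.register(svc, "service-secret-" + svc)
    creds = client_login(kdc, "alice", password)
    accepted = {}
    for svc in ("pop/mail", "imap/mail"):
        st, svc_session = client_service_ticket(kdc, creds, svc)
        authenticator = seal(svc_session, {"client": "alice", "ts": time.time()})
        accepted[svc] = service_accept(kdc.keys[svc], st, authenticator)
    return accepted

def login_fails(password: str) -> bool:
    # True when the AS reply cannot be opened with the key derived from this password.
    try:
        demo(password)
    except ValueError:
        return True
    return False
```

Running `demo()` returns `{"pop/mail": "alice", "imap/mail": "alice"}`: the password is used exactly once, in `client_login`, and every later ticket request is authenticated with the session key and TGT alone, which is the single sign-on property. Two points the entry makes are visible in the code: a wrong password does not fail at the KDC but at the client, which cannot decrypt the AS reply (`login_fails("wrong")` is `True`), and the service verifies the Service Ticket with its own long-term key without contacting the KDC.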

Kerberos exists in several versions. Version 4 is described in RFC 1411 as a Telnet option: with this option, authentication information is exchanged between a Telnet client and a Telnet server when a connection is established. Version 5, described in RFC 1510, specifies the Kerberos Network Authentication Service.

Besides MIT Kerberos there are other free implementations. Microsoft also uses Kerberos as part of its Active Directory services.

Updated at: 19.01.2012

All rights reserved DATACOM Buchverlag GmbH © 2022