Kerberos is a computer network authentication protocol that allows users to authenticate themselves to a network securely. After authentication, users can access the network’s resources (e.g., files, printers). Kerberos uses encryption to protect users’ credentials and prevent unauthorized access to a network. This protocol is widely used in organizations for network authentication and access control.
How Kerberos works
- A user logs in to a Kerberos-protected network using their login credentials (i.e., username and password).
- The user’s computer sends a request to the Kerberos authentication server.
- The Kerberos authentication server verifies the user’s credentials and issues a ticket-granting ticket (TGT). The TGT is encrypted with a secret key that only the authentication server and the user’s computer share.
- The user’s device receives the TGT and stores it securely. When the user needs to access a resource (e.g., a file server), the user’s device sends a request for a service ticket to the Kerberos authentication server.
- The server verifies the TGT and issues a service ticket. This ticket is also encrypted with a secret key.
- The user’s device receives the service ticket and sends it to the resource server requesting access to the network resource.
- The resource server decrypts the ticket using the secret key, and the user gains access to the resource.
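The seven steps above, run end to end as an added example (not code from the original article). It is a self-contained Python model of the three Kerberos exchanges: the user's computer asks the authentication server for a TGT, presents that TGT to get a service ticket, and presents the service ticket to the file server. The realm name, the principal names ("alice", "cifs/files"), the passwords and the clock values are constructed; the cipher is a toy encrypt-then-MAC built from SHA-256 and HMAC, standing in for a real Kerberos enctype. As in RFC 4120, the model seals the TGT under a key only the KDC holds and returns the session key to the user under the user's own key, and it adds the checks a resource server performs that the summary above leaves implicit: ticket expiry, the timestamped authenticator, and an integrity tag that rejects a modified ticket.

```python
import hashlib
import hmac
import json
import os

SKEW = 300  # seconds of clock skew tolerated on authenticators (assumed value)


def string_to_key(password: str, salt: str) -> bytes:
    # Kerberos derives a principal's long-term key from its password; PBKDF2 stands in here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 20000, dklen=32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]


def seal(key: bytes, msg: dict) -> bytes:
    """Toy encrypt-then-MAC (not a real Kerberos enctype): SHA-256 counter keystream + HMAC tag."""
    pt = json.dumps(msg, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _verify(ticket: dict, authenticator: dict, now: int) -> None:
    # Checks shared by the TGS and by every resource server before honouring a ticket.
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if authenticator["client"] != ticket["client"]:
        raise PermissionError("authenticator does not match the ticket's principal")
    if abs(now - authenticator["timestamp"]) > SKEW:
        raise PermissionError("authenticator outside the clock-skew window")


class KDC:
    """Authentication Server (AS) and Ticket-Granting Server (TGS) of one realm."""

    def __init__(self, realm: str, principals: dict, lifetime: int = 8 * 3600):
        self.realm, self.keys, self.lifetime = realm, principals, lifetime
        self.tgs_key = os.urandom(32)  # the krbtgt key; it never leaves the KDC

    def as_exchange(self, user: str, now: int):
        # AS-REQ/AS-REP: the TGT is sealed under the krbtgt key, the session key under the user's key.
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": user, "session": session, "expires": now + self.lifetime})
        return tgt, seal(self.keys[user], {"session": session, "expires": now + self.lifetime})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        # TGS-REQ/TGS-REP: validate the TGT, then issue a ticket sealed under the service's key.
        t = unseal(self.tgs_key, tgt)
        session = bytes.fromhex(t["session"])
        _verify(t, unseal(session, authenticator), now)
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "session": svc_session, "expires": now + self.lifetime})
        return ticket, seal(session, {"session": svc_session, "service": service})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def accept(self, ticket: bytes, authenticator: bytes, now: int) -> str:
        # AP-REQ: only the service's own key opens the ticket; returns the authenticated principal.
        t = unseal(self.key, ticket)
        _verify(t, unseal(bytes.fromhex(t["session"]), authenticator), now)
        return t["client"]


class Client:
    def __init__(self, name: str, password: str, kdc: KDC):
        self.name, self.kdc, self.tickets = name, kdc, {}
        self.key = string_to_key(password, kdc.realm + name)  # salt = realm + principal, as in MIT Kerberos

    def login(self, now: int) -> None:
        self.tgt, reply = self.kdc.as_exchange(self.name, now)
        self.session = bytes.fromhex(unseal(self.key, reply)["session"])  # wrong password -> ValueError

    def authenticator(self, key: bytes, now: int) -> bytes:
        return seal(key, {"client": self.name, "timestamp": now})

    def get_service_ticket(self, service: str, now: int) -> None:
        ticket, reply = self.kdc.tgs_exchange(self.tgt, self.authenticator(self.session, now), service, now)
        self.tickets[service] = (ticket, bytes.fromhex(unseal(self.session, reply)["session"]))

    def access(self, service: Service, now: int) -> str:
        ticket, key = self.tickets[service.name]
        return service.accept(ticket, self.authenticator(key, now), now)


def demo() -> dict:
    """Constructed realm with one user and one file server; returns the outcome of each check."""
    realm, now, results = "EXAMPLE.TEST", 1_700_000_000, {}
    file_key = os.urandom(32)  # the file server's long-term key (its keytab entry)
    kdc = KDC(realm, {"alice": string_to_key("correct horse", realm + "alice"), "cifs/files": file_key})
    files = Service("cifs/files", file_key)
    alice = Client("alice", "correct horse", kdc)
    alice.login(now)
    alice.get_service_ticket("cifs/files", now)
    results["granted_to"] = alice.access(files, now + 60)
    try:  # wrong password: the AS reply cannot be opened, so there is no session key to use the TGT with
        Client("alice", "wrong", kdc).login(now)
        results["wrong_password"] = "accepted"
    except ValueError:
        results["wrong_password"] = "rejected"
    try:  # an expired service ticket is refused by the resource server
        alice.access(files, now + kdc.lifetime + 1)
        results["expired"] = "accepted"
    except PermissionError:
        results["expired"] = "rejected"
    try:  # one flipped bit in the ticket body fails the integrity tag at the service
        ticket, key = alice.tickets["cifs/files"]
        tampered = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
        files.accept(tampered, alice.authenticator(key, now), now)
        results["tampered"] = "accepted"
    except ValueError:
        results["tampered"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Two points the model makes visible: the user's password never crosses the network (only a message sealed under the derived key does), and the file server never talks to the KDC; it trusts the ticket solely because it was sealed under the key that only it and the KDC hold.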
History of Kerberos
- Kerberos was developed at the Massachusetts Institute of Technology (MIT) for Project Athena in 1988.
- The project’s original goal was to create a distributed computing environment for MIT students that would allow them to access the system and resources anywhere on campus.
- The name “Kerberos” is from Greek mythology: Kerberos was a three-headed dog who guarded the gates of Hades.
- The dog’s three heads represent the client/principal, the network resource, and the key distribution center (KDC).