Introducing Kerberos
Kerberos is a network authentication protocol designed to provide robust
authentication by employing secret key cryptography. The Massachusetts Institute of
Technology (MIT) has implemented a free version of this protocol, which is widely used.
Kerberos addresses the following requirements:
• Kerberos makes it easy for users to log on and use the different resources on a
network without having to go through the login procedure for each resource or
service. In other words, Kerberos supports single sign-on: the user logs in to the
system only once and can then seamlessly access the rest of the resources.
• Distributed systems involve a large number of nodes connected to form a cluster,
just like the Internet we use daily. These nodes could have malicious users that
could take advantage of any flaws that exist in the network. Kerberos works well
in such environments and protects the network from such users.
• Kerberos can be plugged into any suite of applications without major modifications.
• Kerberos is extremely stringent in terms of data or information transfer and does
not perform any exchange unless the requesting user is authenticated as a valid
user by Kerberos.
• Some people connect to a network with the intention of stealing login credentials
from other users who are trying to authenticate. They do this by eavesdropping on
the network and extracting passwords that are sent over the wire for
authentication. Kerberos is resilient and does not send the password over the
wire, thus eliminating the chance of it being compromised.
• Kerberos maintains all its authentication-related information in one place and does
not maintain it in any distributed fashion across the network. Credential
management is more efficient when managed from a single command center.
Let's explore the previously mentioned features of the Kerberos system by getting to know
the architecture of the Kerberos protocol.