Kerberos is a computer network authentication protocol that allows entities (users or hosts) on a non-secure network to prove their identity to each other in a secure manner. It’s a ticket-based system, meaning it uses encrypted tickets to verify identity rather than transmitting passwords directly over the network. Developed by MIT, it’s widely used in operating systems like Windows, macOS, and others.
Simplified Process Overview
- User Authentication: A user logs in, providing credentials to the Kerberos Authentication Server (AS).
- TGT Issuance: The AS verifies the user and issues a Ticket Granting Ticket (TGT), encrypted with a secret key.
- Service Request: The user presents the TGT to the Ticket Granting Server (TGS) to request a service ticket for a specific service.
- Service Ticket Issuance: The TGS verifies the TGT and issues a service ticket, encrypted with a secret key for that specific service.
- Access Granted: The user presents the service ticket to the target service, which verifies it and grants access.
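The five steps above, carried through end to end as an added example (not code from the original page, and not a real Kerberos implementation): one process plays the client, the KDC (AS and TGS together) and a service. The realm, principal names and password are constructed sample values, and the "encryption type" is a stand-in built from the standard library (SHA-256 keystream plus an HMAC tag) rather than the AES-based types Kerberos actually uses. It shows the property the page describes: the password never leaves the client, each ticket can only be opened by the key of the party it is meant for, and a wrong password or a tampered ticket fails the integrity check and is rejected.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.LOCAL"   # constructed sample realm
MAX_SKEW = 300            # seconds of clock skew tolerated in authenticators

# Toy symmetric "encryption type": SHA-256 keystream XOR + HMAC-SHA256 tag (encrypt-then-MAC).
# This stands in for Kerberos' real etypes (e.g. AES256-CTS-HMAC-SHA1-96); it is not a production cipher.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def seal(key, obj):
    """Encrypt a JSON-serialisable message under key; returns nonce || ciphertext || tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag, then decrypt. A wrong key or a tampered blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def string2key(password, principal):
    """Derive a user's long-term key from the password, salted with realm + principal as Kerberos does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000)

def verify_ticket(ticket_key, ticket, authenticator):
    """Shared check used by the TGS (on a TGT) and by a service (on a service ticket)."""
    t = unseal(ticket_key, ticket)                  # only the holder of ticket_key can open it
    if t["exp"] < time.time():
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["key"])
    a = unseal(session_key, authenticator)          # proves the presenter knows the session key
    if a["cname"] != t["cname"] or abs(a["ts"] - time.time()) > MAX_SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    return t, session_key

class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one object."""
    def __init__(self):
        self.keys = {"krbtgt/" + REALM: os.urandom(32)}   # the key every TGT is sealed with
    def add_user(self, name, password):
        self.keys[name] = string2key(password, name)
    def add_service(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]
    def as_exchange(self, cname, preauth):
        """Steps 1-2: check the pre-authentication timestamp, then issue a TGT plus session key."""
        ckey = self.keys[cname]
        if abs(unseal(ckey, preauth)["ts"] - time.time()) > MAX_SKEW:   # a wrong password fails in unseal()
            raise ValueError("stale pre-authentication timestamp")
        skey = os.urandom(32)
        tgt = seal(self.keys["krbtgt/" + REALM], {"cname": cname, "key": skey.hex(), "exp": time.time() + 600})
        return tgt, seal(ckey, {"key": skey.hex()})   # only the real user can read the session key
    def tgs_exchange(self, tgt, authenticator, sname):
        """Steps 3-4: validate TGT and authenticator, then issue a ticket for sname."""
        t, tgs_session = verify_ticket(self.keys["krbtgt/" + REALM], tgt, authenticator)
        svc_key = os.urandom(32)
        ticket = seal(self.keys[sname], {"cname": t["cname"], "key": svc_key.hex(), "exp": time.time() + 600})
        return ticket, seal(tgs_session, {"key": svc_key.hex()})

class Service:
    def __init__(self, name, key):
        self.name, self.key = name, key
    def ap_exchange(self, ticket, authenticator):
        """Step 5: the service never contacts the KDC; its own long-term key validates the ticket."""
        t, _ = verify_ticket(self.key, ticket, authenticator)
        return f"access granted to {t['cname']} for {self.name}"

class Client:
    def __init__(self, name, password):
        self.name, self.key = name, string2key(password, name)   # the password never leaves the client
    def login(self, kdc):
        tgt, enc = kdc.as_exchange(self.name, seal(self.key, {"ts": time.time()}))
        self.tgt, self.tgs_key = tgt, bytes.fromhex(unseal(self.key, enc)["key"])
    def _authenticator(self, key):
        return seal(key, {"cname": self.name, "ts": time.time()})
    def use_service(self, kdc, service):
        ticket, enc = kdc.tgs_exchange(self.tgt, self._authenticator(self.tgs_key), service.name)
        svc_session = bytes.fromhex(unseal(self.tgs_key, enc)["key"])
        return service.ap_exchange(ticket, self._authenticator(svc_session))

def run_demo(password="correct horse battery staple"):
    """Constructed scenario: user 'alice' reaches 'host/fileserver'. Returns the service's verdict."""
    kdc = KDC()
    kdc.add_user("alice", "correct horse battery staple")
    fileserver = Service("host/fileserver", kdc.add_service("host/fileserver"))
    alice = Client("alice", password)
    alice.login(kdc)          # raises ValueError if the password is wrong
    return alice.use_service(kdc, fileserver)

def rejected(password):
    """True if the AS refuses the login, i.e. a wrong password fails closed at step 1."""
    try:
        run_demo(password)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print(run_demo())
```

Running the file prints the service's verdict for alice. Two design points carry over to real deployments: the TGT is opaque to the client (it is sealed under the krbtgt key, so the client can only forward it), and every ticket is paired with a fresh authenticator under the session key, which is what lets the TGS and the service check that the presenter is the principal named in the ticket and not someone replaying a captured one.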