Kerberos is an authentication protocol.
It provides a way for clients and services to authenticate to each other through a trusted third party.
Requirements of Kerberos
- Secure: It should be strong enough that a potential opponent does not find it to be the weak link.
- Reliable: For all services that rely on Kerberos for access control, lack of availability of the Kerberos service means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should employ a distributed server architecture, with one system able to back up another.
- Transparent: Ideally, the user should not be aware that authentication is taking place, beyond the requirement to enter a password.
- Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a modular, distributed architecture.
Kerberos Protocol Terminology
- Authentication Server (AS): A server that issues tickets for the desired service which are in turn given to users for access to the service.
- Client: An entity on the network that can receive a ticket from Kerberos.
- Credentials: A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called a ticket.
- Credential cache or ticket file: A file which contains the keys for encrypting communications between a user and various network services.
- Crypt hash: A one-way hash used to authenticate users.
- Key: Data used when encrypting or decrypting other data.
- Key distribution center (KDC): A service that issues Kerberos tickets and which usually runs on the same host as the ticket-granting server (TGS).
- Realm: A network that uses Kerberos, composed of one or more servers called KDCs and a potentially large number of clients.
- Ticket-granting server (TGS): A server that issues tickets for the desired service, which are in turn given to users for access to the service. The TGS usually runs on the same host as the KDC.
- Ticket-granting ticket (TGT): A special ticket that allows the client to obtain additional tickets without applying for them from the KDC.
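
The following toy model shows how the AS, TGS, TGT and service ticket defined above fit together. It is an added example, not code from the original page or from any Kerberos implementation. All names and keys are constructed, an HMAC tag stands in for Kerberos ticket encryption, and session keys and authenticators are omitted.

```python
import hashlib, hmac, json

# Constructed long-term keys known to the KDC (sample values, not real secrets).
TGS_KEY = hashlib.sha256(b"tgs-long-term-key").digest()
SERVICE_KEYS = {"fileserver": hashlib.sha256(b"fileserver-key").digest()}
USER_KEYS = {"alice": hashlib.sha256(b"alice-password").digest()}

def seal(key, body):
    """Bind a ticket body to a key with an HMAC tag (stand-in for encryption)."""
    raw = json.dumps(body, sort_keys=True)
    tag = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    return {"body": raw, "tag": tag}

def unseal(key, ticket, now):
    """Return the ticket body, or None if it was forged, altered or expired."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return None
    body = json.loads(ticket["body"])
    return body if now < body["expires"] else None

def client_proof(password, now):
    """Client side: prove knowledge of the password-derived key for this timestamp."""
    key = hashlib.sha256(password).digest()
    return hmac.new(key, str(now).encode(), hashlib.sha256).hexdigest()

def as_issue_tgt(user, proof, now, lifetime=600):
    """AS role: check the client's proof, then issue a TGT sealed under the TGS key."""
    key = USER_KEYS.get(user)
    if key is None or not hmac.compare_digest(
            hmac.new(key, str(now).encode(), hashlib.sha256).hexdigest(), proof):
        return None
    return seal(TGS_KEY, {"client": user, "for": "tgs", "expires": now + lifetime})

def tgs_issue_ticket(tgt, service, now, lifetime=300):
    """TGS role: accept a valid TGT and issue a ticket sealed under the service key."""
    body = unseal(TGS_KEY, tgt, now)
    if body is None or body["for"] != "tgs" or service not in SERVICE_KEYS:
        return None
    return seal(SERVICE_KEYS[service],
                {"client": body["client"], "for": service, "expires": now + lifetime})

def service_accept(service, ticket, now):
    """Service role: trust a ticket only if it verifies under the service's own key."""
    body = unseal(SERVICE_KEYS[service], ticket, now)
    return body["client"] if body and body["for"] == service else None
```

The service never sees the user's password or key: it trusts the client only because the ticket verifies under the key it shares with the trusted third party.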