
	Kerberos


	Home > Security Definitions - Kerberos

SearchSecurity.com Definitions (Powered by WhatIs.com)

EMAIL THIS

LOOK UP TECH TERMS		Powered by:

Browse tech terms alphabetically:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

Kerberos

Digg This!

StumbleUpon

Del.icio.us

- Kerberos is a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT). The name is taken from Greek mythology; Kerberos was a three-headed dog who guarded the gates of Hades. Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a particular service from a server. The user's password does not have to pass through the network. A version of Kerberos (client and server) can be downloaded from MIT or you can buy a commercial version.

Briefly and approximately, here's how Kerberos works:

Suppose you want to access a server on another computer (which you may get to by sending a Telnet or similar login request). You know that this server requires a Kerberos "ticket" before it will honor your request.
To get your ticket, you first request authentication from the Authentication Server (AS). The Authentication Server creates a "session key" (which is also an encryption key) basing it on your password (which it can get from your user name) and a random value that represents the requested service. The session key is effectively a "ticket-granting ticket."
You next send your ticket-granting ticket to a ticket-granting server (TGS). The TGS may be physically the same server as the Authentication Server, but it's now performing a different service.The TGS returns the ticket that can be sent to the server for the requested service.
The service either rejects the ticket or accepts it and performs the service.
Because the ticket you received from the TGS is time-stamped, it allows you to make additional requests using the same ticket within a certain time period (typically, eight hours) without having to be reauthenticated. Making the ticket valid for a limited time period make it less likely that someone else will be able to use it later.

The actual process is much more complicated than just described. The user procedure may vary somewhat according to implementation.

See more scary tech terms in The Vault of Tech Terror.

CONTRIBUTORS:	Steve Spence
LAST UPDATED:	04 Jun 2007

Read more about Kerberos:

-	For a more detailed description, see The Moron's Guide to Kerberos.
-	For a longer explanation in the form of a Socratic dialog, we recommend Designing an Authentication System: A Dialogue in Four Scenes.

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Address Authentication and Transaction Validation Protocols to Stem Identity Theft Layer8: Tarnishing Good Names
	Understanding multifactor authentication features in IAM suites In this tip, IAM luminary Joel Dubin explains why multifactor authentication is worth the effort and how to make it work well with IAM suites.
	SaaS Offering Handles SSO TechFocus: New Password Hell?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

AAA server (SearchSecurity.com)

authentication (SearchSecurity.com)

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy