What is Kerberos?

What is Kerberos?

Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using symmetric key cryptography. Kerberos authentication is supported as part of Ericom’s secure host access and remote access solutions.
Kerberos uses encrypted ‘tickets’ that allow nodes over a non-secure network to identify each other securely. Both client and server pass encrypted tickets to a trusted third party - the KDC (Key Distribution Center). The KDC distributes service tickets with decryption key to both client and server.

The following diagram shows the Kerberos process:

The name Kerberos comes from Greek mythology – named after the three-headed dog Cerberus. This is because Kerberos authentication involves three mains parties – the client, the server, and the KDC.

Benefits of Kerberos

Mutual, secure authentication
Both client and server can verify their identities simultaneously, allowing each party to trust the other party for the duration of the session. Kerberos enables secure authentication and data stream encryption, also supporting DES and 3DES encryption.
No passwords needed
Kerberos doesn’t require passwords to be sent by client or server. Instead, mutual authentication ensures that both parties have what they need to decrypt the tickets and identify each other. This means that there are no passwords for packet sniffers to intercept, and information sent during a Kerberos authenticated session is kept secure.
No re-authentication required during a session
Clients on a Kerberos-supported network only have to authenticate themselves and receive a ticket once during each session. When a session expires, a new ticket can be requested.
Easy, fast authentication for subsequent sessions
If a client and server pair have authenticated themselves to each other, a KDC isn’t required in future sessions. Instead, Kerberos allows credentials from the client to be recognized and authenticated directly when starting new session with the same sever, for a super-fast connection.
Easy credentials management and realm configuration
Kerberos Manager allows for easy management and realm configuration for simple deployment and use.