Kerberos is a computer network authentication protocol designed to allow secure identity verification between nodes communicating over a non-secure network. It uses a system of tickets to authenticate users and services without ever sending passwords over the network, so an eavesdropper cannot capture them, and its tickets and timestamped messages are built to resist replay. Key points about Kerberos:
- It was developed by MIT in the 1980s as part of Project Athena.
- It operates primarily on a client-server model, providing mutual authentication where both the user and the server confirm each other's identity.
- It uses symmetric-key cryptography and a trusted third party, the Key Distribution Center (KDC), to issue encrypted tickets.
- Tickets are time-limited credentials that prove a user's identity for access to network resources.
- Supports Single Sign-On (SSO), allowing users to authenticate once and access multiple services without re-entering credentials.
- The protocol is widely implemented in major operating systems like Windows, macOS, Linux, and Unix.
- It is named after the mythological three-headed dog guarding the gates of Hades, symbolizing the three main parties: the client, the network resource (application server), and the KDC.
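To make the ticket mechanics listed above concrete, here is an added Python illustration (not code from the original page and not a Kerberos implementation): it collapses the TGT and service-ticket hops into one ticket issuance, replaces Kerberos' real encryption types with a toy hash-based encrypt-then-MAC, and uses constructed sample principals, passwords and a constructed KDC key table. What it shows is the security-relevant shape of the protocol: the password never leaves the client, the ticket is opaque to the client and sealed under the service's key, and the service enforces ticket lifetime, authenticator freshness and replay rejection.

```python
import hashlib, hmac, json, os

def kdf(secret: str) -> bytes:
    # Toy key derivation (constructed); real Kerberos uses string2key with a salt.
    return hashlib.sha256(secret.encode()).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))

def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC stand-in for a Kerberos enctype: nonce || ciphertext || tag."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# KDC table of long-term keys (constructed sample principals); the password itself never crosses the wire.
KDC_KEYS = {"alice": kdf("alice-pw"), "http/web": kdf("web-service-key")}
SKEW = 300  # seconds of clock skew tolerated on authenticator timestamps

def kdc_issue(client: str, service: str, now: int, lifetime: int = 600):
    """KDC reply: fresh session key sealed under the client's key, plus a time-limited ticket
    sealed under the service's key (opaque to the client, who just forwards it)."""
    session_key = os.urandom(32).hex()
    ticket = seal(KDC_KEYS[service], {"client": client, "key": session_key, "end": now + lifetime})
    reply = seal(KDC_KEYS[client], {"service": service, "key": session_key, "end": now + lifetime})
    return reply, ticket

def client_authenticator(password: str, reply: bytes, now: int) -> bytes:
    """Client: recover the session key (wrong password -> ValueError), then build a timestamped authenticator."""
    session = unseal(kdf(password), reply)
    return seal(bytes.fromhex(session["key"]), {"ts": now})

def service_accept(service: str, ticket: bytes, auth: bytes, now: int, replay_cache: set) -> str:
    """Service: check ticket lifetime, authenticator freshness and replay; return the client name."""
    t = unseal(KDC_KEYS[service], ticket)
    if now > t["end"]:
        raise PermissionError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), auth)  # only a session-key holder could have sealed this
    if abs(now - a["ts"]) > SKEW:
        raise PermissionError("authenticator outside clock skew")
    if auth in replay_cache:
        raise PermissionError("replayed authenticator")
    replay_cache.add(auth)
    return t["client"]
```

A real KDC also checks that the client name in the authenticator matches the ticket and caches (client, timestamp) pairs rather than raw authenticator bytes; the toy version keeps only the checks needed to show why an expired ticket, a stale authenticator or a replayed one is refused.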
Overall, Kerberos enhances security by verifying identities securely over untrusted networks and preventing unauthorized access to network services. It is a foundational protocol for network authentication and access control in many enterprise environments.