What is Kerberos?
Kerberos is an authentication system that uses private key encryption. Developed by MIT, Kerberos allows you to prove (using your password) that you are who you say you are. With Kerberos, your password is encrypted before it is sent over the network; it is never sent in the clear. Kerberos is the authentication system used on campus.
Developed by MIT, Kerberos is a system that provides authenticated access for users and services on a network. At Indiana University, your Kerberos identity is established through your Network ID. Thus, Kerberos is used to access the dial-in modem pools and Account Management Service. With Kerberos, by exchanging time-sensitive tickets, you can make transactions secure without sending passwords in plaintext over the network. For a program to take advantage of Kerberos, it must be Kerberized, which means that it can obtain tickets from the Kerberos server and negotiate with a Kerberos-aware service. Just about any program can be Kerberized, including web browsers, telnet applications, POP email clients, and print utilities. Similarly, services that can be made Kerberos-aware include web sites, printers, file servers, and POP mail servers. Though it’s a fairly complex protocol, following are a few basic characteristics: • Every user and every service has a password.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
Kerberos is a secure method for authenticating a request for a service in a computer network, and is used to verify a user or host identity. Kerberos lets a user request an encrypted “ticket” from an authentication process that can then be used to request a particular service from a server. The user’s password does not have to pass through the network. Put simply, it is a more secure form of Windows Authentication versus NTLM. Also, understand that Kerberos is not a Windows specific technology. Windows will always try to use Kerberos first over TCP. If that doesn’t work, it will drop down to NTLM. The exception to this is if you are trying to access a resource that is local. NTLM will always be used when accessing local resources. Also note that Kerberos cannot currently be used over Named Pipes or Shared Memory.
