Kerberos Authentication Protocol Overview

April 16, 2018 | Views: 2855


What is Kerberos? 

Kerberos is a computer network authentication protocol that works on the basis of tickets. These tickets allow the nodes communicating over a non-secure network to authenticate in a secure manner. Kerberos is built into all major operating systems.

Kerberos follows a client-server model.

It is based on symmetric-key cryptography.

Meaning of Kerberos: The name Kerberos is taken from Greek mythology, where it refers to the three-headed dog that guarded the gates of Hades. Here, the three heads represent a Client, a Server and a Key Distribution Center (KDC).

Components of Kerberos:

Client: One which requires services.

Server: One which provides services.

Key Distribution Center (KDC): A trusted third party that handles tickets.

The KDC has two components: the Authentication Server and the Ticket Granting Server.

Protocol Overview: 

1. If a user ‘A’, acting as the client, wants services from a server ‘B’, it needs a service ticket to establish a session and communicate with server B.

2. So, A now contacts the KDC saying, “I am user A and I want a ticket which grants me service tickets for communication” (this ticket is called a Ticket Granting Ticket).

3. This request is received by the KDC, and the Authentication Server of the KDC checks its database for the user. The user must first be enrolled in order to be authenticated. As the user is present, the Authentication Server encrypts a Ticket Granting Ticket (TGT), sends it to user A, and asks user A to decrypt the response with his password hash.

4. Now, user A decrypts the TGT and sends the answer to the Authentication Server.

5. The Authentication Server will now check the hash sent by the user against the hash it has produced for that TGT. Only if both match is the user authenticated. Now this TGT is sent to the Ticket Granting Server along with the service that the user wants.

6. The Ticket Granting Server (TGS) will now validate the user just as the Authentication Server did, but it responds with a service ticket for the service requested by the user.

7. The client A will now give its service ticket to Server B, and the client-server session is established after authenticating the ticket.
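
The ticket flow above as a runnable sketch. This is an added example, not code from the original article; it follows the standard Kerberos message layout, which is more detailed than the simplified steps: the TGT is sealed under a key only the KDC holds, and the user's password-derived key unlocks only the session key. The function names, ticket lifetimes and the toy cipher are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Toy authenticated cipher (SHAKE keystream + HMAC), a stand-in for real Kerberos enctypes."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def user_key(password, principal):  # long-term key, the "password hash" of step 3
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def check(key, ticket, authenticator):
    """Open a ticket with the key it was sealed under, then verify the client's authenticator."""
    t = unseal(key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves the client holds the session key
    if a["user"] != t["user"] or t["exp"] < time.time() or abs(time.time() - a["ts"]) > 300:
        raise ValueError("ticket rejected")
    return t

class KDC:
    def __init__(self, users, services):  # both map principal -> long-term key
        self.users, self.services, self.tgs_key = users, services, os.urandom(32)
    def as_exchange(self, user):
        """Authentication Server (steps 2-3): session key for the user, TGT sealed for the TGS."""
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "key": sk, "exp": time.time() + 600})
        return seal(self.users[user], {"key": sk}), tgt  # KeyError if the user is not enrolled
    def tgs_exchange(self, tgt, authenticator, service):
        """Ticket Granting Server (steps 5-6): validate the TGT, issue a service ticket."""
        t, sk = check(self.tgs_key, tgt, authenticator), os.urandom(32).hex()
        ticket = seal(self.services[service], {"user": t["user"], "key": sk, "exp": time.time() + 300})
        return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def login(kdc, user, password, service):
    """Client A: obtain a TGT, trade it for a service ticket, build the authenticator for server B."""
    enc, tgt = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(user_key(password, user), enc)["key"])  # fails on a wrong password
    enc2, ticket = kdc.tgs_exchange(tgt, seal(sk, {"user": user, "ts": time.time()}), service)
    sk2 = bytes.fromhex(unseal(sk, enc2)["key"])
    return ticket, seal(sk2, {"user": user, "ts": time.time()})

def service_accept(service_key, ticket, authenticator):
    """Server B (step 7): accept the client if the ticket and authenticator check out."""
    return check(service_key, ticket, authenticator)["user"]
```

Note that the password never crosses the network and server B never contacts the KDC: it trusts the ticket because only the KDC and B know the key it is sealed under.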
