What is Kerberos?
Kerberos is a computer network authentication protocol that works on the basis of tickets. These tickets allow the nodes communicating over a non-secure network to authenticate each other in a secure manner. Kerberos is built into all major operating systems.

Kerberos is a client-server model.
Kerberos is a symmetric key model.

Meaning of Kerberos:
The name Kerberos was taken from Greek mythology: it is the three-headed dog that guarded the gates of Hades. Here, the three heads represent a Client, a Server and a Key Distribution Center (KDC).

Components of Kerberos:
Client: The one that requires services.
Server: The one that provides services.
Key Distribution Center (KDC): A trusted third party for handling tickets. The KDC has two components, the Authentication Server and the Ticket Granting Server.

Protocol Overview:
1. If a user 'A' acting as a Client wants services from a server 'B' acting as a Server, it needs a service ticket to establish a session and communicate with server B.
2. So, A now contacts the KDC saying "I am user A and I want a ticket which grants me a service ticket for communication" (this ticket is called a Ticket Granting Ticket).
3. This request is received by the KDC, and the Authentication Server of the KDC checks its database for the availability of the user. The user has to be enrolled first in order to be authenticated. Now, as the user is available, the Authentication Server sends a Ticket Granting Ticket (TGT) to user A in encrypted form and asks user A to decrypt the response with his password hash.
4. Now, user A decrypts the TGT and sends the answer to the Authentication Server.
5. The Authentication Server will now check the hash sent by the user against the hash it has produced for that TGT. Only if both match is the user authenticated. Now this TGT is sent to the Ticket Granting Server along with the service that the user wants.
6. The Ticket Granting Server will now validate the user just like the Authentication Server did, but as its response it sends a service ticket for the service requested by the user.
7. Client A will now give its service ticket to Server B, and the client-server session is established after the ticket is authenticated.
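The seven steps above, as an added, runnable example (not code from the original article): a toy realm with a KDC, a user A and a server B, using only the Python standard library. The "answer" that the client sends back in steps 4 and 5 is modelled the way real Kerberos does it, as an authenticator encrypted under the session key that only the holder of the password could have recovered from the AS reply; the TGT expiry and the service's own check of the ticket are included for the same reason. The encryption primitive (`encrypt`/`decrypt`, a SHA-256 keystream with an HMAC tag), the realm name `EXAMPLE.TEST`, the passwords and all class and function names are constructed for this example; a real KDC uses AES-based encryption types, but the ticket flow is the same.

```python
import hashlib
import hmac
import json
import os
import time


def derive_key(password: str, salt: str) -> bytes:
    """A principal's long-term key is derived from its password (the 'password hash' of step 3)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return blocks[:length]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Constructed encrypt-then-MAC stand-in for a Kerberos encryption type (nonce | ciphertext | tag)."""
    nonce, plaintext = os.urandom(16), json.dumps(obj).encode()
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, "sha256").digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    """Raises ValueError when the key is wrong or the ticket was modified in transit."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or modified ticket")
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))


class KDC:  # Authentication Server (AS) and Ticket Granting Server (TGS) as one trusted third party
    def __init__(self, realm: str) -> None:
        self.realm = realm
        self.krbtgt_key = os.urandom(32)        # known only to the KDC; seals every TGT
        self.principals: dict[str, bytes] = {}  # enrolled users and services -> long-term key

    def enroll(self, name: str, password: str) -> bytes:
        return self.principals.setdefault(name, derive_key(password, self.realm + name))

    def as_exchange(self, user: str) -> bytes:
        """Steps 2-3: issue a TGT, sealed so that only the holder of the user's password can read the reply."""
        skey = os.urandom(32).hex()             # session key shared by client and TGS
        tgt = encrypt(self.krbtgt_key, {"client": user, "skey": skey, "exp": time.time() + 600})
        # KeyError here is the step-3 database check failing: the user was never enrolled
        return encrypt(self.principals[user], {"skey": skey, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> bytes:
        """Steps 5-6: validate the TGT and its authenticator, then issue a ticket for `service`."""
        t = decrypt(self.krbtgt_key, tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        skey = bytes.fromhex(t["skey"])
        auth = decrypt(skey, authenticator)     # only the real client holds this session key
        if auth["client"] != t["client"] or abs(auth["ts"] - time.time()) > 300:
            raise ValueError("authenticator does not match TGT")
        svc_key = os.urandom(32).hex()          # session key shared by client and service
        ticket = encrypt(self.principals[service], {"client": t["client"], "skey": svc_key})
        return encrypt(skey, {"skey": svc_key, "ticket": ticket.hex()})


class Service:  # server B; trusts a ticket only because it is sealed with B's own long-term key
    def __init__(self, name: str, key: bytes) -> None:
        self.name, self.key = name, key

    def accept(self, ticket: bytes, authenticator: bytes) -> str:
        """Step 7: returns the authenticated client name, or raises ValueError."""
        t = decrypt(self.key, ticket)
        auth = decrypt(bytes.fromhex(t["skey"]), authenticator)
        if auth["client"] != t["client"]:
            raise ValueError("authenticator does not match service ticket")
        return t["client"]


def client_session(kdc: KDC, service: Service, user: str, password: str) -> str:
    """Client A walks steps 1-7; note that the password itself is never sent anywhere."""
    user_key = derive_key(password, kdc.realm + user)
    as_rep = decrypt(user_key, kdc.as_exchange(user))  # wrong password -> ValueError here
    skey, tgt = bytes.fromhex(as_rep["skey"]), bytes.fromhex(as_rep["tgt"])
    authenticator = encrypt(skey, {"client": user, "ts": time.time()})
    tgs_rep = decrypt(skey, kdc.tgs_exchange(tgt, authenticator, service.name))
    svc_key, ticket = bytes.fromhex(tgs_rep["skey"]), bytes.fromhex(tgs_rep["ticket"])
    return service.accept(ticket, encrypt(svc_key, {"client": user, "ts": time.time()}))


def demo() -> tuple:
    kdc = KDC("EXAMPLE.TEST")  # constructed realm with user A and server B
    kdc.enroll("A", "correct horse battery staple")
    server_b = Service("B", kdc.enroll("B", "service-secret"))
    who = client_session(kdc, server_b, "A", "correct horse battery staple")
    try:
        client_session(kdc, server_b, "A", "wrong password")
        return who, False  # (who B authenticated, was a wrong password rejected?)
    except ValueError:
        return who, True
```

Two properties of the protocol are visible in the code: a wrong password is caught on the client side when the AS reply fails to decrypt, so nothing resembling the password ever crosses the network; and server B never contacts the KDC, because a ticket sealed under B's own long-term key is the only proof it needs. Replaying or altering a ticket fails the HMAC check in `decrypt`, which is the stand-in for the integrity protection a real Kerberos encryption type provides.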