0P3N Blog Blog Post
Ready to Start Your Career?
Create Free Account
By: CHITTILLA VENKATA VISWANATH
April 16, 2018

Kerberos Authentication Protocol Overview

By: CHITTILLA VENKATA VISWANATH
April 16, 2018
By: CHITTILLA VENKATA VISWANATH
April 16, 2018
What is Kerberos? Kerberos is a computer network authentication protocol that works on the basis of tickets. These tickets allow the nodes communicating over a non-secure network to authenticate in a secure manner. Kerberos is built into all major operating systems.Kerberos is a Client-Server modelSymmetric key modelMeaning of Kerberos: The name Kerberos was taken from a Greek mythology and it means the Three-Headed dog that guarded the gates of Hades. Here, the three heads represent a Client, a Server and a Key Distribution Center(KDC).Components of a Kerberos :  Client: One which requires services.Server: One which provides services.Key Distribution Center(KDC): A trusted third party organization for handling tickets.The KDC has two components - Authentication Server and Ticket Granting ServerProtocol Overview: 1. If a user 'A' acting as a Client wants services from a server 'B' acting as a Server, it needs a Service ticket to establish a session and communicate with server B.2. So, A now contacts KDC saying "I am user a and I want a ticket which grants me service ticket for communication (called Ticket Granting Ticket)."3. This request is received by KDC and the Authentication Server of KDC  checks its database for the availability of the user. The user has to first, get enrolled to be authenticated. Now, as the user is available, the Authentication Server sends a Ticket Granting Ticket(TGT) by encrypting it to the user A and asks the user-A to decrypt the response with his password hash.4. Now, user-A decrypts the TGT and sends the answer to the Authentication Server.5. The Authentication Server will now check the hash sent by the user with the hash it has produced for that TGT. If both match, only then the user is authenticated. Now the this TGT is sent to the Ticket Granting Server along with the service that user wants.6. TGT will now validate the user just like Authentication Server did but now sends a service ticket for the service requested by the user as a response.7. The client A will now give its service ticket to Server B, and the client-server session is established after authenticating the ticket.

Do you like to write about your infosec knowledge, skills, opinions, or exploits?

Blog Icon

Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry