An access control system that was developed at MIT in the 1980s. Turned over to the IETF for standardization in 2003, it was designed to operate in both small companies and large enterprises with multiple domains and authentication servers. The Kerberos concept uses a "master ticket" obtained at logon, which is used to obtain additional "service tickets" when a particular resource is required.
Kerberos Checks Passwords Once
When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys.
From the Greeks
The name comes from Greek mythology in which a three-headed dog guards the gates to Hades (Hades is the home of the dead beneath the earth, otherwise known as hell).
It's About Tickets
After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems.
Kerberos Checks Passwords Once
When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys.
From the Greeks
The name comes from Greek mythology in which a three-headed dog guards the gates to Hades (Hades is the home of the dead beneath the earth, otherwise known as hell).
It's About Tickets
After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- What's wrong with an exploit being sexy?
- First off, let me start by saying _dietrich has been following our blog for quite some time and is a consistent poster, providing good advice on how to use Linux securely, sometimes as an alternative to Windows technologies. I wouldn't have commented about this in a blog posting, except that...
- Blog posts 2008-06-10
- Do we need two open source office suites?
- Do we need two open source office suites?That Made Me Scratch My Head, TooMethinks Dana needs to go back and double-check his sources. And, by the way, StarOffice's roots actually go back much further than that: Star Division's StarWriter was first developed back in the mid-80's for CP/M. ...
- Discussion threads 2008-06-05
- Dan Geer leaves Verdasys for In-Q-Tel
- Dan Geer, a risk-management pioneer who is often described as "the dean of the security deep-thinkers' set," has left Verdasys to join In-Q-Tel as chief information security officer. Geer left will remain on the masthead at Verdasys as Chief Scientist Emeritus. At In-Q-Tel, he will report directly...
- Blog posts 2008-05-28
- Samba 3.2 reflects open source project's ambivalence toward Microsoft
- Samba's forthcoming version 3.2 release capitalizes on Microsoft's interoperability commitments while also guarding against patent covenants that threaten the GPL. Samba 3.2, which is expected to be released in roughly one month's time, offers improved integration with the Active Directory in Windows Server 2003 and recently released...
- Blog posts 2008-05-08
- VanDyke ClientPack for Windows and UNIX (html)
- The VanDyke ClientPack command-line utilities securely automate routine file transfer, shell, and public-key administration tasks, saving you time, reducing potential human error, and increasing compliance with security policies. The ClientPack includes: vsftp, an interactive SFTP command-line utility for secure file transfer; vcp, a command-line file transfer utility; vsh, a command-line...
- Software downloads 2008-04-28
- Centrify's Tom Kemp: Here's the map to avoiding Microsoft's patent minefield
- On February 21 of 2008, just two months ago, Microsoft announced "strategic changes in technology and business practices to expand interoperability." These changes, which would be incorporated into a set of "Interoperability Principles" that would provide API and protocol documentation for connectivity to and from their "high-volume business products" naming...
- Blog posts 2008-04-22
- Security Update 2008-002 released
- Apple yesterday released Security Update 2008-002 (50.5MB) for Mac OS 10.4.11 and 10.5.2. The update, which appears in Software Update, is recommended "for all users and improves the security of Mac OS X." The previous 2008-001 Security Update is incorporated into this update and a restart is...
- Blog posts 2008-03-19
- "Vista Capable" logo - what went wrong?
- "Vista Capable" logo - what went wrong?What went wrong was simple....... MS proved once again that they are a marketing company and not a technology company. Marketing takes precedence. It doesn't matter if the customer gets scr3wed because they're a monoply and the customer's only purpose is to fill the...
- Discussion threads 2008-02-28
- Will+the+EU+fine+change+Microsoft%3F
- Will+the+EU+fine+change+Microsoft%3FOf course not.MSFT is run by the corporate equivalent of a rogue regime, the largest disinformation organization in the world. Only when the financial hurt becomes too high and the regime is toppled by the shareholders will anything change.The current regime is far too filled with liars, cheats and...
- Discussion threads 2008-02-28
- Microsoft+courts+open-source+vendors+to+support+Win+Server+2008
- Microsoft+courts+open-source+vendors+to+support+Win+Server+2008I just can NOT stop laughing. Like save all that money on the otherapplications so you can turn it over to MS for a server that does not work as good as Linux????? I mean, like, who is THAT stupid???? Stevie and Billy are dreaming.Of all the open source projects,...
- Discussion threads 2008-02-26
- OOXML+vs.+ODF%3A+What%27s+happening+this+week
- OOXML+vs.+ODF%3A+What%27s+happening+this+weekYour headline says much. ODF vs OOXMLAnd as usual the "press" Mary Jo would like others to see it that way when in fact it is not. Folks, its just another standard that offers users CHOICE in what they use. Nothing more, nothing less.The only reason the...
- Discussion threads 2008-02-25
- Microsoft Messenger for Mac (dmg)
- Convenience is the name of the game for Mac users who want to communicate instantly with family, friends and colleagues from one convenient place. To help you do this, we've created our first Universal application: Microsoft Messenger for Mac. Messenger gives you more ways to share whats on your mind...
- Software downloads 2008-02-12
- TechNet Webcast: Windows Compare (Part 2 of 6): Supporting Linux Users in a Windows Environment (Level 200)
- This paper covers a number of topics regarding the interoperability between Windows and Linux. It looks at using Kerberos and Active Directory to provide single sign on in a mixed world. It discusses scripts and explores ways to migrate scripts from Linux to Windows. The webcast also explains how to...
- Webcasts 2008-01-25
- Java vs. Android APIs
- Google's mobile phone platform, Android, supports a relatively large subset of the Java Standard Edition 5.0 library. Some things were left out because they simply didn't make sense like printing, and others because better APIs are available that are specific to Android like user interfaces. This article lists what is...
- Blog posts 2008-01-14
- AbsoluteTelnet Telnet / SSH / SFTP Client (exe)
- AbsoluteTelnet provides Telnet, SSH, SSH2, SFTP, dialup, and serial connectivity in the new tabbed multi-session interface or the classic single-session interface. A wide range of emulations are provided, including VT100, VT220, VT320, XTERM, WYSE60, ANSI, SCO-ANSI, ANSI-BBS, and QNX. Packed with options such as SOCKS5, IPV6, BIDI bidirectional text, Arabic...
- Software downloads 2007-12-18
- ExtremeZ-IP File Server (zip)
- ExtremeZ-IP File Server software adds Macintosh file sharing AppleShare to Windows file servers. ExtremeZ-IP File Server is the first and only Windows-based file server that fully supports Mac OS X, making it a must have for mixed Mac and Windows computing environments. ExtremeZ-IP File Server delivers a stable and compatible...
- Software downloads 2007-12-10
- PowerTerm InterConnect for Windows (exe)
- PowerTerm InterConnect for Windows supports over 35 terminal emulation types and works on Windows 95, 98, ME, NT, 2000, XP and 2003 platforms. PowerTerm InterConnect offers a flexible and extensive feature set to maximize users' time while providing a wide range of options. PowerTerm InterConnect's small footprint makes it a...
- Software downloads 2007-12-05
- Apple monster update fixes 41 Mac OS X, Safari vulnerabilities
- Apple today released a monster update to provide belated cover for at least 41 security holes in its flagship Mac operating system. With Security Update 2007-008 and Mac OS X v10.4.11, Apple patches multiple "highly critical" flaws that could cause unexpected system shutdowns, drive-by-malware downloads and remote...
- Blog posts 2007-11-14
- Michael Barrett on Web 2.0: This stuff scares the hell out of me
- When Michael Barrett (CISO, Paypal) heard the Eric Nolin was putting on Defrag, he called up and said "I'd like to come and talk because this stuff scares the hell out of me." His key messages: a we're doomed to repeat history if we ignore it and b security is...
- Blog posts 2007-11-05
- Radmin Server and Viewer (zip)
- Radmin Remote Administrator is a popular, award winning secure remote control software which enables you to work on a remote computer in real time as if you were using its own keyboard and mouse. You can remotely access the same computer from multiple places, using File Transfer, Text and Voice...
- Software downloads 2007-11-05
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Hardware Assisted Virtualization to Mitigate Security Risks
-
In this podcast Intel's Malcolm Harkins and HP's Manny Novoa chat about the latest issues in security technologies, notably the emergence of hardware assisted virtualization.
- Watch the Podcast on the Intel Open Port General Blog >>
- BNET Industries
- Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
-
- The technology industry from a different angle
-
- See what's hot in the auto industry
-
- Stay on top of the energy industry
