Kerberos can only be used within a trusted environment, and passwords are never sent over the network. Review the terms principal, realm, and ticket. What is the authentication flow for Kerberos? What are its limitations?
Kerberos is a network authentication protocol for client-server applications based on cryptographic keys. It's used in Windows 2000, Windows XP and Windows Server 2003 and later systems. Because it's an open standard, it can also be used by non-Windows systems.
Unlike password-based authentication systems, Kerberos never sends passwords over the network. It authenticates by verifying the identities of users and servers within a trusted environment. As such, Kerberos is inaccessible to outsiders. Once authenticated, the user or client can access multiple services without needing to authenticate again for each service. Encrypted tickets are used instead of passwords.
Security aspects covered by Kerberos include authentication, access control, and key exchange.
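The ticket mechanism described above, as an added Python example that is not part of the original page: it goes beyond the text by modelling the standard Authentication Service (AS) and Ticket-Granting Service (TGS) exchanges. The realm, principals, password and the toy `seal`/`unseal` cipher are constructed for illustration, and timestamps, ticket lifetimes and pre-authentication are omitted.

```python
import hashlib, hmac, json, os

REALM = "EXAMPLE.TEST"  # constructed realm name

def derive_key(password, principal):
    # Stand-in for Kerberos string-to-key: long-term key from password + salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption for this demo only (not a Kerberos enctype).
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# KDC database (constructed): long-term keys of user and service principals.
USER_KEYS = {"alice": derive_key("correct horse", "alice")}
SERVICE_KEYS = {"http/web": os.urandom(32), "cifs/files": os.urandom(32)}
KDC_KEY = os.urandom(32)

def as_exchange(user):
    # The request names the principal only; no password crosses the network.
    sk = os.urandom(32).hex()
    tgt = seal(KDC_KEY, {"client": user, "session_key": sk})
    return seal(USER_KEYS[user], {"session_key": sk}), tgt

def tgs_exchange(tgt, authenticator, service):
    # The TGT plus proof of knowing the session key replaces the password.
    t = unseal(KDC_KEY, tgt)
    sk = bytes.fromhex(t["session_key"])
    if unseal(sk, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    svc_sk = os.urandom(32).hex()
    ticket = seal(SERVICE_KEYS[service], {"client": t["client"], "session_key": svc_sk})
    return seal(sk, {"session_key": svc_sk}), ticket

def login_and_access(user, password, services):
    reply, tgt = as_exchange(user)
    sk = bytes.fromhex(unseal(derive_key(password, user), reply)["session_key"])  # password used locally only
    accepted = []
    for svc in services:  # one login, many services
        _, ticket = tgs_exchange(tgt, seal(sk, {"client": user}), svc)
        accepted.append(unseal(SERVICE_KEYS[svc], ticket)["client"])  # service decrypts its own ticket
    return accepted
```

A wrong password fails at the client when it tries to decrypt the AS reply, so the KDC never sees a password guess in this simplified flow.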
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.