Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted
network, such as the internet. Kerberos is built into all major operating systems, including Microsoft
Windows, Apple OS X, FreeBSD, and Linux.
Users, machines, and services using Kerberos need only trust the KDC, which runs as a single process
and provides two services: an authentication service and a ticket-granting service.
Kerberos could be given a second name: the solution to all problems of authentication.
The Kerberos protocol relies heavily on an authentication technique that makes use of shared secrets.
The basic concept is quite simple: If a secret is known by only two people,
either person can verify the identity of the other by confirming that the other person knows the secret.
The Kerberos authentication method is unlike the username/password method. It uses symmetric encryption
and a trusted third party known as the Key Distribution Centre (KDC) to authenticate users to a suite of network services.
new ticket for that specific service from the Ticket-granting Server (TGS). The service ticket is then used to authenticate the user to that service transparently.
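
The shared-secret and trusted-third-party idea described above, as an added Python example (not part of the original page and not real Kerberos code): a toy KDC shares one long-term key with each principal and issues a session key wrapped once for the client and once for the service. The `seal`/`unseal` cipher, the principal names and the keys are constructed for illustration, and the authentication-service and ticket-granting steps are collapsed into a single issuance.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    """Toy keystream from SHA-256; a stand-in, NOT a real Kerberos encryption type."""
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret key."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Only a holder of the same key passes the MAC check and gets the plaintext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed sample secrets: each principal shares one long-term key with the KDC only.
KDC_DB = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def kdc_issue(client, service, now):
    """KDC: mint a session key, wrap it for the client and (as a ticket) for the service."""
    session_key = os.urandom(32).hex()
    for_client = seal(KDC_DB[client], {"service": service, "key": session_key})
    ticket = seal(KDC_DB[service], {"client": client, "key": session_key, "expires": now + 300})
    return for_client, ticket

def client_request(client, client_key, for_client, now):
    """Client: recover the session key, then prove knowledge of it with a timestamp."""
    session_key = bytes.fromhex(unseal(client_key, for_client)["key"])
    return seal(session_key, {"client": client, "ts": now})

def service_accept(service_key, ticket, authenticator, now, skew=120):
    """Service: open the ticket with its own key, then check the authenticator."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    if a["client"] != t["client"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator rejected")
    return t["client"]

if __name__ == "__main__":
    now = 1_700_000_000.0  # constructed fixed clock value
    reply, ticket = kdc_issue("alice", "fileserver", now)
    auth = client_request("alice", KDC_DB["alice"], reply, now)
    print(service_accept(KDC_DB["fileserver"], ticket, auth, now + 5))
```

The service never sees the client's long-term key and the client cannot read the ticket; each side verifies the other only through a secret it shares with the KDC.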
TECHNOLOGIES BASED ON KERBEROS
Windows Server 2003 implements the Kerberos V5 authentication protocol as an SSP, which is a
dynamic-link library (DLL) supplied with the operating system. The system uses the Kerberos SSP,
Kerberos.dll, as its first choice for authentication. After the LSA establishes a security context for an
interactive user, another instance of the Kerberos SSP can be loaded by a process running in the user’s
security context in order to support the signing and sealing of messages.