Kerberos

Briefly and approximately, here's how Kerberos works:

1. Suppose you want to access a server on another computer (which you may get to by sending a Telnet or similar login request). You know that this server requires a Kerberos "ticket" before it will honor your request.
2. To get your ticket, you first request authentication from the Authentication Server (AS). The Authentication Server creates a "session key" (which is also an encryption key) basing it on your password (which it can get from your user name) and a random value that represents the requested service. The session key is effectively a "ticket-granting ticket."
3. You next send your ticket-granting ticket to a ticket-granting server (TGS). The TGS may be physically the same server as the Authentication Server, but it's now performing a different service.The TGS returns the ticket that can be sent to the server for the requested service.
4. The service either rejects the ticket or accepts it and performs the service.
5. Because the ticket you received from the TGS is time-stamped, it allows you to make additional requests using the same ticket within a certain time period (typically, eight hours) without having to be reauthenticated. Making the ticket valid for a limited time period make it less likely that someone else will be able to use it later.

The actual process is much more complicated than just described. The user procedure may vary somewhat according to implementation.

See more scary tech terms in The Vault of Tech Terror.

Read more about Kerberos: - For a more detailed description, see The Moron's Guide to Kerberos. - For a longer explanation in the form of a Socratic dialog, we recommend Designing an Authentication System: A Dialogue in Four Scenes.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Two-Factor and Multifactor Authentication Strategies,   Enterprise Identity and Access Management,   User Authentication Services,   NAC and Endpoint Security Management,   Enterprise Network Security,   Network Access Control Basics,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT PCI compliance requirement 7: Restrict access Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 7: "Restrict access to cardholder data." PCI compliance requirement 9: Physical access For Requirement 9 of the PCI Data Security Standard, basic physical controls are required for the facilities that process cardholder data. In this... Best practices: How to implement and maintain enterprise user roles Effective enterprise role management is essential for properly managing user access rights and enforcing access policies, but the implementation...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication  (SearchSecurity.com)