Kerberos

Briefly and approximately, here's how Kerberos works:

1. Suppose you want to access a server on another computer (which you may get to by sending a Telnet or similar login request). You know that this server requires a Kerberos "ticket" before it will honor your request.
2. To get your ticket, you first request authentication from the Authentication Server (AS). The Authentication Server creates a "session key" (which is also an encryption key) basing it on your password (which it can get from your user name) and a random value that represents the requested service. The session key is effectively a "ticket-granting ticket."
3. You next send your ticket-granting ticket to a ticket-granting server (TGS). The TGS may be physically the same server as the Authentication Server, but it's now performing a different service.The TGS returns the ticket that can be sent to the server for the requested service.
4. The service either rejects the ticket or accepts it and performs the service.
5. Because the ticket you received from the TGS is time-stamped, it allows you to make additional requests using the same ticket within a certain time period (typically, eight hours) without having to be reauthenticated. Making the ticket valid for a limited time period make it less likely that someone else will be able to use it later.

The actual process is much more complicated than just described. The user procedure may vary somewhat according to implementation.

See more scary tech terms in The Vault of Tech Terror.

Learn more about Two-Factor and Multifactor Authentication Strategies

Exploring authentication methods: How to develop secure systems: Discover authentication options and learn how to implement, maintain and secure methods of authentication, such as biometrics and smartcards to avoid breaches and protect data.
Exploring authentication methods: How to develop secure systems: Discover authentication options and learn how to implement, maintain and secure methods of authentication, such as biometrics and smartcards to avoid breaches and protect data.
Quiz: The new school of enterprise authentication: Take this five-question quiz to test your knowledge of Mark Diodati's enterprise authentication lesson.
The New School of Enterprise Authentication: Burton Group's Mark Diodati examines the technologies that cutting-edge organizations use to redefine successful enterprise authentication.
Quiz: Next-generation authentication: A five-question quiz to test your knowledge of the content presented by expert Mark Diodati in this lesson of SearchSecurity.com's Identity and Access Management Security School.
	Future authentication technologies: How to choose the right product: In this Identity and Access Management Security School lesson, Burton Group's Mark Diodati explores innovative and cost-effective user-based authentication technologies.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - For a more detailed description, see The Moron's Guide to Kerberos. - For a longer explanation in the form of a Socratic dialog, we recommend Designing an Authentication System: A Dialogue in Four Scenes.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT PhoneFactor bolsters authentication using voiceprint identification The telephone-based out-of-band authentication vendor adds voice recognition technology for banks and government agencies. Risk-based multifactor authentication implementation best practices A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. Learn four key strategies to ensure that... Two-factor authentication, vigilance foil password theft Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication  (SearchSecurity.com)