
What is Kerberos?

Vincent Delitz


Created: January 2, 2025

Updated: January 6, 2025


What is Kerberos?

Kerberos is a network authentication protocol developed at MIT in the 1980s to enhance secure communication over untrusted networks. It ensures secure user and service authentication without transmitting passwords directly, leveraging symmetric key cryptography and a trusted third party known as the Key Distribution Center (KDC).

Key Features of Kerberos

  • Passwordless Authentication: Employs strong, time-limited secret-key cryptography instead of relying on passwords.
  • Single Sign-On (SSO): Users authenticate once to gain access to multiple services without repeated credential entries.
  • Mutual Authentication: Verifies the identities of both users and servers, ensuring trusted communication.
  • Ticket-based System: Uses encrypted, time-limited tickets containing user identity information for authentication.


How Kerberos Works

  1. Initial Authentication: The client requests a Ticket Granting Ticket (TGT) from the KDC's Authentication Server (AS).
  2. Ticket Granting: The KDC validates credentials and returns an encrypted TGT and session key.
  3. Service Access: The client uses the TGT to request a service ticket from the Ticket Granting Server (TGS).
  4. Service Authentication: The service ticket is presented to the server, granting access upon verification.
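
The four steps above as a runnable sketch (an added example, not code from the original page or from any Kerberos implementation). It assumes a toy HMAC-based cipher in place of real Kerberos encryption types and constructed principals and password, and it omits pre-authentication and replay caches.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):  # keystream for the toy cipher (messages under 8 KB)
    return b"".join(hmac.new(key, nonce + bytes([i]), "sha256").digest() for i in range(n // 32 + 1))

def seal(key, obj):  # toy authenticated encryption: XOR keystream plus HMAC tag
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    body = nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return body + hmac.new(key, b"tag" + body, "sha256").digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + body, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    ct = body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, body[:16], len(ct)))))

def long_term_key(password, principal):  # the password only ever becomes a key, locally
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

# Constructed KDC database: one user, the TGS ("krbtgt") and one service.
KDC_DB = {"alice": long_term_key("correct horse", "alice"),
          "krbtgt": os.urandom(32), "http/app": os.urandom(32)}

def issue(user, target, lifetime=300):  # ticket is readable only by `target`
    sk = os.urandom(32).hex()
    return sk, seal(KDC_DB[target], {"user": user, "key": sk, "exp": time.time() + lifetime})

def as_exchange(user):  # steps 1-2: session key sealed under the user's key, plus TGT
    sk, tgt = issue(user, "krbtgt")
    return seal(KDC_DB[user], {"key": sk}), tgt

def accept(key, ticket, authenticator, now=None):  # run by the TGS and by services (step 4)
    t, now = unseal(key, ticket), (time.time() if now is None else now)
    if t["exp"] < now:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves sender holds the session key
    if a["user"] != t["user"] or abs(a["ts"] - now) > 300:
        raise ValueError("bad authenticator")
    return t

def tgs_exchange(tgt, authenticator, service):  # step 3: trade the TGT for a service ticket
    t = accept(KDC_DB["krbtgt"], tgt, authenticator)
    sk, ticket = issue(t["user"], service)
    return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def client_login(user, password, service):  # client side of steps 1-3
    reply, tgt = as_exchange(user)
    sk = bytes.fromhex(unseal(long_term_key(password, user), reply)["key"])
    auth = lambda k: seal(k, {"user": user, "ts": time.time()})
    reply2, ticket = tgs_exchange(tgt, auth(sk), service)
    return ticket, auth(bytes.fromhex(unseal(sk, reply2)["key"]))
```

The client never opens a ticket itself: it only forwards the sealed blob, and a wrong password fails locally when the AS reply cannot be unsealed.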

Advantages of Kerberos

  • Enhanced Security: Passwords are never transmitted over the network, reducing interception risks.
  • Centralized Authentication: Provides a single point for managing logins and enforcing security policies.
  • Scalability: Designed for large, distributed networks and integration with various operating systems.

Applications of Kerberos

Kerberos is widely used in:

  • Microsoft Windows Active Directory
  • UNIX and Linux systems
  • Single Sign-On (SSO) implementations
  • Network service security, including SSH, POP, and SMTP protocols.
