Introducing Kerberos

Kerberos is a network authentication protocol designed to provide robust authentication using secret-key cryptography. The Massachusetts Institute of Technology (MIT) has implemented a free version of this protocol, which is widely used.

Kerberos addresses the following requirements:

  • Kerberos makes it easy for users to log on and use the different resources on a network without going through a login procedure for each resource or service. In other words, Kerberos supports single sign-on: the user logs in to the system only once and is then seamlessly authorized to access the rest of the resources.
  • Distributed systems involve a large number of nodes connected to form a cluster, just like the Internet we use daily. These nodes could have malicious users who take advantage of any flaws that exist in the network. Kerberos works well in such environments and protects the network from such users.
  • Kerberos can be plugged into any suite of applications without major modifications.
  • Kerberos is extremely stringent in terms of data or information transfer and does not perform any exchange unless the requesting user is authenticated as a valid user by Kerberos.
  • Some people connect to a network with the intention of stealing login credentials from other users who are trying to authenticate. They do this by eavesdropping on the network and extracting passwords that are sent over the wire for authentication. Kerberos is resilient to this because it does not send the password over the wire, thus eliminating this avenue of compromise.
  • Kerberos maintains all its authentication-related information in one place and does not maintain it in any distributed fashion across the network. Credential management is more efficient when managed from a single command center.

Let's explore the previously mentioned features of the Kerberos system by getting to know the architecture of the Kerberos protocol.
