Chapter 10. Kerberos

Kerberos is a network authentication protocol created by MIT. It uses secret-key cryptography, which obviates the need to send passwords over the network. When users authenticate with Kerberos, unauthorized users trying to intercept passwords on the network are effectively thwarted.

Advantages of Kerberos

Most conventional network systems use password-based authentication schemes. When a user authenticates to a network server, the user must supply a user name and password for each service requiring authentication. This information is sent over the network, and the server uses it to verify the user's identity.

However, many services transmit authentication information in plain text. An attacker with access to the network and a packet analyzer, also known as a packet sniffer, can intercept any passwords sent in this manner.

The primary design goal of Kerberos is to eliminate the transmission of authentication information across the network. The proper use of Kerberos effectively eliminates the threat that packet sniffers would otherwise pose on a network.