Kerberos provides a centralize authentication server whose function is to authenticate users to servers and servers to users. In Kerberos Authentication server and database is used for client authentication. Kerberos run as a third-party trusted server known as the Key Distribution Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
- Authentication Server (AS):
The Authentication Server performs the initial authentication and ticket for Ticket Granting Service.
The Authentication Server verifies access rightd of users in database.
- Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server
User logon and request services on host. Thus user request for ticket-granting-service.
Authentication Server verifies user’s access right using database and then gives ticket-granting-ticket and session key. Results are encrypted using Password of user.
Decryption of message is done using the password then send the ticket to Ticket Granting Server. The Ticket contain authenticators like user name and network address.
Ticket Granting Server decrypts the ticket send by User and authenticator verifies the request then creates the ticket for requesting services from the Server.
User send the Ticket and Authenticator to the Server.
Server verifies the Ticket and authenticators then generate the access to the service. After this User can access the services.
- What are VoIP, PSTN, and POTS ?
- Design Issues in Network Layer
- Compression of IPv6 address
- Difference between Information Security and Network Security
- Distributed Objects Computing: The next generation of client-server computing
- Difference between Coaxial Cable and Twisted Pair Cable
- Calculation of TCP Checksum
- Difference between Phishing and Pharming
- Difference between Network Security and Cyber Security
- Alternate method to find DBA from given IP address
- Difference between WiFi and HotSpot
- Stop and Wait protocol, its problems and solutions
- Difference between segments, packets and frames
- Finding DBA from given IP address
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.