Kerberos provides a centralize authentication server whose function is to authenticate users to servers and servers to users. In Kerberos Authentication server and database is used for client authentication. Kerberos run as a third-party trusted server known as the Key Distribution Center (KDC). Each user and service on the network is a principal.

The main components of Kerberos are:

  • Authentication Server (AS):
    The Authentication Server performs the initial authentication and ticket for Ticket Granting Service.
  • Database:
    The Authentication Server verifies access rightd of users in database.
  • Ticket Granting Server (TGS):
    The Ticket Granting Server issues the ticket for the Server

Kerberos Overview:

  • Step-1:
    User logon and request services on host. Thus user request for ticket-granting-service.
  • Step-2:
    Authentication Server verifies user’s access right using database and then gives ticket-granting-ticket and session key. Results are encrypted using Password of user.
  • Step-3:
    Decryption of message is done using the password then send the ticket to Ticket Granting Server. The Ticket contain authenticators like user name and network address.
  • Step-4:
    Ticket Granting Server decrypts the ticket send by User and authenticator verifies the request then creates the ticket for requesting services from the Server.
  • Step-5:
    User send the Ticket and Authenticator to the Server.
  • Step-6:
    Server verifies the Ticket and authenticators then generate the access to the service. After this User can access the services.

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.

Article Tags :
Practice Tags :

Be the First to upvote.

Please write to us at to report any issue with the above content.