Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. In Kerberos, the Authentication Server and its database are used for client authentication. Kerberos runs as a trusted third-party server known as the Key Distribution Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
- Authentication Server (AS): The Authentication Server performs the initial authentication and issues the ticket for the Ticket Granting Service. It verifies the access rights of users in the database.
- Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server.

1. The user logs on and requests services on the host. The user thus requests the ticket-granting service.
2. The Authentication Server verifies the user's access rights using the database and then gives a ticket-granting ticket and a session key. The results are encrypted using the user's password.
3. The message is decrypted using the password, and the ticket is then sent to the Ticket Granting Server. The ticket contains authenticators such as the user name and network address.
4. The Ticket Granting Server decrypts the ticket sent by the user, the authenticator verifies the request, and it then creates the ticket for requesting services from the Server.
5. The user sends the ticket and authenticator to the Server.
6. The Server verifies the ticket and authenticators and then grants access to the service. After this, the user can access the services.
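
The exchange described above, run end to end in one process as an added example (not code from the original page). The toy `seal`/`unseal` cipher built from HMAC-SHA256 stands in for a real Kerberos encryption type, and the names `DB`, `K_TGS`, `K_SRV`, `pw_key`, `issue`, `check` and `login` are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):            # HMAC-SHA256 in counter mode as a keystream
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC; an assumed stand-in for a real Kerberos encryption type."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def pw_key(password):                  # key derived from the user's password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.TEST", 10_000)

DB = {"alice": pw_key("correct horse")}            # AS database (constructed entry)
K_TGS, K_SRV = os.urandom(32), os.urandom(32)      # long-term keys of TGS and Server

def issue(ticket_key, reply_key, user, addr):
    """AS and TGS: make a session key, put it in a ticket and in the client's reply."""
    k = os.urandom(32).hex()
    ticket = seal(ticket_key, {"user": user, "addr": addr, "key": k})
    return seal(reply_key, {"key": k, "ticket": ticket})

def check(ticket_key, ticket, authenticator):
    """TGS and Server: open the ticket, then verify the authenticator against it."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if (a["user"], a["addr"]) != (t["user"], t["addr"]):
        raise ValueError("authenticator does not match ticket")
    return t

def login(user, password, addr):
    me = {"user": user, "addr": addr}
    r1 = unseal(pw_key(password), issue(K_TGS, DB[user], user, addr))    # AS reply, opened with the password
    k1 = bytes.fromhex(r1["key"])
    t1 = check(K_TGS, r1["ticket"], seal(k1, me))                        # TGS checks TGT and authenticator
    r2 = unseal(k1, issue(K_SRV, k1, t1["user"], t1["addr"]))            # TGS reply carrying the service ticket
    t2 = check(K_SRV, r2["ticket"], seal(bytes.fromhex(r2["key"]), me))  # Server checks, then grants access
    return t2["user"]
```

The client never sees `K_TGS` or `K_SRV`, so it cannot read or alter either ticket; it can only forward them together with an authenticator sealed under the matching session key.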