What is Kerberos Authentication and How does it work?
Kerberos authentication is one of the most popular authentication mechanisms.
It is widely used in enterprise environments for authenticating user access to secured services.
How does Kerberos work?
Kerberos relies on a Key Distribution Centre (KDC), which contains two parts: an Authentication Server (AS) and a Ticket Granting Server (TGS).
Kerberos authentication works in a 3-step process.
1. The client requests an authentication ticket from the KDC by entering its username and password (the kinit command). The KDC holds the database of usernames and passwords.
2. The KDC authenticates the credentials and returns a Ticket Granting Ticket (TGT) to the client. The TGT carries a session key and is cached on the client machine.
3. When the client wants to access a secured service, it sends its TGT to the Ticket Granting Server (TGS) and requests a Service Ticket (ST) that authorizes access to that service.
The TGS provides the client with a Service Ticket, which the client then presents to the secured service to gain access.
Tickets issued by Kerberos are short-lived, so they expire after a while.
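The three-step exchange above, simulated end to end as an added example (not code from the original post): a stdlib-only Python model in which one KDC object plays both the AS and TGS roles, the client runs a kinit step to obtain a TGT, trades it for a Service Ticket, and the service validates the ticket and its lifetime. The cipher, the principal names and the string-to-key derivation are constructed simplifications chosen so the example runs offline.

```python
import hashlib, hmac, json, os

# Toy authenticated cipher (HMAC keystream + tag), constructed so the example runs
# with the standard library only; real Kerberos uses AES-CTS with an HMAC checksum.
def _ks(key, nonce, n):
    return b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256") for i in range(n // 32 + 1))
def enc(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.digest(key, nonce + ct, "sha256")
def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, nonce + ct, "sha256")):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))
string_to_key = lambda pw: hashlib.sha256(pw.encode()).digest()  # simplified; real Kerberos uses salted PBKDF2

def open_ticket(key, ticket, authenticator, now):  # shared check used by the TGS and by the service
    t = dec(key, ticket)  # fails unless the caller holds the key the ticket was sealed with
    if now > t["exp"]:
        raise ValueError("ticket expired")
    if dec(bytes.fromhex(t["sk"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    return t

class KDC:  # holds both roles: Authentication Server (AS) and Ticket Granting Server (TGS)
    def __init__(self, principals, lifetime=600):
        self.keys = {p: string_to_key(pw) for p, pw in principals.items()}  # the credential database
        self.lifetime = lifetime  # tickets are short-lived

    def as_exchange(self, user, preauth, now):  # steps 1-2: AS-REQ -> AS-REP
        dec(self.keys[user], preauth)  # pre-authentication: only succeeds if the client knows the password
        sk = os.urandom(32).hex()
        tgt = enc(self.keys["krbtgt"], {"user": user, "sk": sk, "exp": now + self.lifetime})
        return enc(self.keys[user], {"sk": sk, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt, authenticator, service, now):  # step 3: TGS-REQ -> TGS-REP
        t = open_ticket(self.keys["krbtgt"], tgt, authenticator, now)  # only the KDC can open a TGT
        ssk = os.urandom(32).hex()
        st = enc(self.keys[service], {"user": t["user"], "sk": ssk, "exp": now + self.lifetime})
        return enc(bytes.fromhex(t["sk"]), {"sk": ssk, "st": st.hex()})

def kinit(kdc, user, password, now):  # client side of steps 1-2; the result is the cached credential
    k = string_to_key(password)
    rep = dec(k, kdc.as_exchange(user, enc(k, {"ts": now}), now))
    return {"user": user, "sk": bytes.fromhex(rep["sk"]), "tgt": bytes.fromhex(rep["tgt"])}
def get_service_ticket(kdc, cred, service, now):  # client side of step 3
    auth = enc(cred["sk"], {"user": cred["user"], "ts": now})
    rep = dec(cred["sk"], kdc.tgs_exchange(cred["tgt"], auth, service, now))
    return {"st": bytes.fromhex(rep["st"]), "sk": bytes.fromhex(rep["sk"])}
def service_accept(service_key, st, authenticator, now):  # the service validates the ST it was handed
    return open_ticket(service_key, st, authenticator, now)["user"]
```

The client never sends its password over the wire: the AS reply is only readable with the key derived from it, and every later step is authenticated with the session keys carried inside the tickets.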
Advantages of Kerberos Authentication
• Enhanced security, since credentials and tickets are encrypted.
• The user authenticates only once to get a TGT, then makes multiple requests for STs as part of Single Sign-On.
• Scales to large networks and complex enterprise environments.
• Works with different systems such as Windows AD, allowing cross-platform authentication.
That's a brief overview of Kerberos and how it works.
Do you use Kerberos for your authentication mechanisms?
Let me know. Please do share if you find it informative.