What is Kerberos?
Kerberos is an MIT-developed protocol for computer network authentication. Using secret-key cryptography, Kerberos provides strong authentication for applications that run on a network. With Kerberos, nodes must authenticate themselves even when they are part of an unsecured network. The user and the server must also each verify the other’s identity, which is part of the security Kerberos provides.
The Massachusetts Institute of Technology developed Kerberos to provide network protection for Project Athena, an MIT-wide distributed computing environment developed along with IBM and Digital Equipment Corporation. The name “Kerberos” was taken from the Greek term “Cerberus”, known in Greek mythology as the monstrous guard dog of Hades. Several versions of the Kerberos protocol are said to exist, but the earlier ones were used only internally at MIT. Version 4, developed by Steve Miller and Clifford Neuman, was the first to be published, in the late 1980s.
A typical Kerberos setup requires an authenticating password for every user and application on the network. When a user wants to use a particular program, the Kerberos server asks the user for a password. Only once the server has completed the authentication process does it allow the application to be used. Throughout, all communication between the user and the Kerberos server is encrypted for increased security.
Like other systems and protocols, Kerberos has limitations. One is its time requirements. When a user requests to use a particular program, for example, the Kerberos server grants a ticket that expires at a specific time. The user must log in and authenticate within that time period in order to access the program. Kerberos also requires that the server be running at all times, which means that a user cannot log in if the server is down.
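The ticket lifetime described above, as an added example that is not part of the original article or of any Kerberos implementation. It is a simplified Python model: the service name, key and timestamps are constructed, and an HMAC tag stands in for the encryption that real Kerberos applies to a ticket with the service's secret key.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: the Kerberos server shares one long-term secret
# key with each service (hypothetical service name and key value).
SERVICE_KEYS = {"fileserver": b"constructed-demo-key-fileserver"}


def issue_ticket(client, service, lifetime_s, now=None):
    """Kerberos server side: issue a ticket that expires at a specific time."""
    now = time.time() if now is None else now
    body = json.dumps(
        {"client": client, "service": service, "start": now, "end": now + lifetime_s},
        sort_keys=True,
    ).encode()
    # Simplification: integrity tag only; real Kerberos encrypts the ticket.
    tag = hmac.new(SERVICE_KEYS[service], body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def validate_ticket(ticket, service, service_key, now=None):
    """Service side: accept the ticket only if it is authentic and in its time window."""
    now = time.time() if now is None else now
    body = ticket["body"].encode()
    expected = hmac.new(service_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return (False, "bad-integrity")  # altered ticket or wrong key
    fields = json.loads(body)
    if fields["service"] != service:
        return (False, "wrong-service")
    if now < fields["start"]:
        return (False, "not-yet-valid")
    if now >= fields["end"]:
        return (False, "expired")  # the user must authenticate again
    return (True, fields["client"])


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    key = SERVICE_KEYS["fileserver"]
    ticket = issue_ticket("alice", "fileserver", lifetime_s=8 * 3600, now=t0)
    print(validate_ticket(ticket, "fileserver", key, now=t0 + 60))
    print(validate_ticket(ticket, "fileserver", key, now=t0 + 9 * 3600))
```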