PhxBUG - Phoenix BSD User Group

Kerberos is a network authentication protocol designed at MIT in the mid-eighties.

The overall idea behind Kerberos is to introduce a trusted third party onto the network that can serve to provide trust between users, servers, and services without passing credentials and duplicating authentication on the network. It is also an effective way of protecting the network from the bad guys on the inside of the network. This trusted third party is the Kerberos server.

Kerberos was designed during a time when a lot of cleartext protocols were in wide use, such as Telnet, rlogin, rsh, and so on. These protocols typically passed login information over the network in such a way that unintended recipients of the information could intercept it. Despite the fact that today many of these protocols are replaced by SSH or protected using SSL, Kerberos is still a strong candidate for a network authentication solution because user account information for multiple systems can be centralized in one database.