Chapter 11. Kerberos

Kerberos is a network authentication protocol created by MIT that uses secret-key cryptography to secure passwords over the network. Encrypting passwords with Kerberos can help to thwart unauthorized users trying to intercept passwords on the network, adding an extra layer of system security.

Advantages of Kerberos

Most conventional network systems use password-based authentication schemes. When a user needs to authenticate to a service running on a network server, they type in their password for each service that requires authentication. Their password is sent over the network, and the server verifies their identity using the password.

However, the transmission of password information in some authenticated services is done in clear text. Any system cracker with access to the network and a packet analyzer, also known as a packet sniffer, can intercept any passwords sent in this manner.

The primary design goal of Kerberos is to eliminate the transmission of clear-text passwords across a network. Proper use of Kerberos dramatically lessens the threat of packet sniffers intercepting passwords on your network.