What is Kerberos and How Does it Work?
Kerberos V5 is based on the Kerberos authentication system developed
at MIT. Under Kerberos, a client (generally either a user or a service)
sends a request for a ticket to the Key Distribution Center (KDC). The
KDC creates a ticket-granting ticket
(TGT) for the client,
encrypts it using the client's password as the key, and sends the
encrypted TGT back to the client. The client then attempts to decrypt
the TGT, using its password. If the client successfully decrypts the
, if the client gave the correct password), it keeps the
decrypted TGT, which indicates proof of the client's identity.
The TGT, which expires at a specified time, permits the client to obtain
additional tickets, which give permission for specific services. The
requesting and granting of these additional tickets is user-transparent.