Kerberos



Kerberos

(security)
The authentication system of MIT's Project Athena. It is based on symmetric key cryptography. Adopted by OSF as the basis of security for DME.

Kerberos

An access control system that was developed at MIT in the 1980s. Turned over to the IETF for standardization in 2003, it was designed to operate in both small companies and large enterprises with multiple domains and authentication servers. The Kerberos concept uses a "master ticket" obtained at logon, which is used to obtain additional "service tickets" when a particular resource is required.

Kerberos Checks Passwords Once
When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys.
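The logon-once flow described above, sketched as an added example that is not part of the original entry. It is a simplified model: tickets here are HMAC-sealed JSON, whereas real Kerberos encrypts its tickets and carries session keys inside them. All user names, keys, lifetimes and function names are constructed for illustration.

```python
import hashlib, hmac, json

# Constructed sample data: one user, one service, and the keys the KDC holds.
KDC_KEY = b"kdc-master-secret"                       # known only to the KDC
SERVICE_KEYS = {"fileserver": b"fileserver-secret"}  # shared by KDC and service
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", b"alice", 10_000)}

def _seal(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return body.hex() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def _open(key, ticket, now):
    """Return the claims if the seal verifies and the ticket is unexpired, else None."""
    try:
        body_hex, tag = ticket.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > now else None

def logon(user, password, now):
    """Authentication service: the only step that ever handles the password."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)
    if user not in USERS or not hmac.compare_digest(derived, USERS[user]):
        return None
    return _seal(KDC_KEY, {"user": user, "kind": "master", "exp": now + 8 * 3600})

def get_service_ticket(master_ticket, service, now):
    """KDC: exchange a valid master ticket for a short-lived service ticket."""
    claims = _open(KDC_KEY, master_ticket, now)
    if claims is None or claims["kind"] != "master" or service not in SERVICE_KEYS:
        return None
    return _seal(SERVICE_KEYS[service],
                 {"user": claims["user"], "service": service, "exp": now + 300})

def service_accepts(service, ticket, now):
    """Service: accept only unexpired tickets sealed with its own key."""
    claims = _open(SERVICE_KEYS[service], ticket, now)
    if claims is None or claims["service"] != service:
        return None
    return claims["user"]
```

The master ticket is rejected if presented directly to the service, and a service ticket cannot be traded back to the KDC for other tickets, because each is sealed under a different key.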

From the Greeks
The name comes from Greek mythology, in which a three-headed dog guards the gates to Hades (the home of the dead beneath the earth, otherwise known as hell).


It's About Tickets
After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems.