Kerberos


Also found in: Financial, Wikipedia.

Kerberos

(security)
The authentication system of MIT's Project Athena. It is based on symmetric key cryptography. Adopted by OSF as the basis of security for DME.

Kerberos

An access control system that was developed at MIT in the 1980s. Turned over to the IETF for standardization in 2003, it was designed to operate in both small companies and large enterprises with multiple domains and authentication servers. The Kerberos concept uses a "master ticket" obtained at logon, which is used to obtain additional "service tickets" when a particular resource is required.

Kerberos Checks Passwords Once
When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys.

From the Greeks
The name comes from Greek mythology in which a three-headed dog guards the gates to Hades (Hades is the home of the dead beneath the earth, otherwise known as hell).


It's About Tickets
After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems.
References in periodicals archive ?
With images of Kerberos transmitted from the spacecraft on October 20, the Pluto family portrait is complete.
In order of increasing distance, their names are Styx (just beyond Charon), then Nix, Kerberos and Hydra.
Pluto and its largest moon, Charon, form a binary system surrounded by four smaller moons: Styx, Nix, Kerberos, and Hydra.
This protocol has properties of Kerberos and Key-Exchange protocols together with a powerful intruder model.
Formally referred to as "P4" and "P5," the two moons are now known as Kerberos and Styx respectively, Fox News reported.
Styx, formerly P5, and Kerberos, formerly P4, were voted on by the public and approved on Tuesday by the (http://www.
Support for server-based authentication is standard, including authentication protocols like RADIUS, TACACS+, LDAP, NIS, and Kerberos and keyboard/mouse/video encryption.
Basically this is done by setting up your UNIX systems as a Kerberos 5 client and having the Windows 2000 box act as the KDC.
Advancements have been made to the open-standard UNIX-based foundation, including support for the latest open source libraries, commands and technologies, x11 applications, Ipv6, Kerberos integration and an improved NFS file system.
However, using security protocols like public or private key exchanges or Kerberos, transactions can take place only between included parties.
TrustBridge has been re-worked to accept security tokens other than Kerberos, by adding support for WS-Security.
Kerberos, a server-based generator of encrypted, temporary certificates of identity, was developed at MIT and is an open-standard component found in most authentication software.