Kerberos
Kerberos authentication protocol (KAP)

Kerberos is a network authentication protocol used to authenticate requests in computer networks. It is based on the client-server model and uses encryption and a “ticket” mechanism to prove the identity of a user on a non-secure network. Kerberos protocol messages protect the network from replay attacks and eavesdropping. It commonly uses public-key cryptography while authenticating users attempting to access the server.
The Kerberos protocol consists of the following steps:
- Step 1: A user sends his/her credentials to the authentication server.
- Step 2: The authentication server hashes the password of the user and verifies the credentials against those in the Active Directory database. If the credentials match, the authentication server (which includes the ticket granting service (TGS)) sends back the TGS session key and ticket granting ticket (TGT) to the user to create a session.
- Step 3: Once authenticated, the user sends the TGT to the server or TGS to request a service ticket for accessing the services.
- Step 4: The TGS authenticates the TGT and grants a service ticket to the user, which consists of a ticket and a session key.
- Step 5: The client sends the service ticket to the server. The server uses its key to decrypt the information from the TGS and the client is authenticated to the server.
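
The five steps above as a runnable message exchange, added here as an illustration and not part of the original page. The `seal`/`unseal` helpers are a toy standard-library stand-in for real Kerberos encryption, and the principal names, password, lifetimes and keys are constructed sample values.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Toy encrypt-then-MAC; a stand-in for a real Kerberos encryption type."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    obj = json.loads(bytes(a ^ b for a, b in zip(ct, ks)))
    if obj.get("exp", float("inf")) < time.time():
        raise ValueError("ticket expired")
    return obj

def pw_key(user, password):  # long-term key: salted hash of the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)
USERS = {"alice": pw_key("alice", "correct horse")}  # constructed directory entry
TGS_KEY, SERVICES = os.urandom(32), {"http/web01": os.urandom(32)}  # constructed keys

def as_exchange(user, proof):
    """Steps 1-2: check the credential, return sealed TGS session key + TGT."""
    unseal(USERS[user], proof)  # raises unless sealed with the stored password hash
    sk = os.urandom(32).hex()
    tgt = seal(TGS_KEY, {"user": user, "sk": sk, "exp": time.time() + 600})
    return seal(USERS[user], {"sk": sk}), tgt

def tgs_exchange(tgt, service):
    """Steps 3-4: validate the TGT, return sealed session key + service ticket."""
    t = unseal(TGS_KEY, tgt)
    ssk = os.urandom(32).hex()
    ticket = seal(SERVICES[service], {"user": t["user"], "sk": ssk, "exp": t["exp"]})
    return seal(bytes.fromhex(t["sk"]), {"sk": ssk}), ticket

def service_accept(service, ticket):
    """Step 5: the service opens the ticket with its own key, no KDC round trip."""
    return unseal(SERVICES[service], ticket)["user"]

def run(user, password, service):
    key = pw_key(user, password)
    enc_sk, tgt = as_exchange(user, seal(key, {"ts": time.time()}))
    sk = bytes.fromhex(unseal(key, enc_sk)["sk"])  # client recovers TGS session key
    enc_ssk, ticket = tgs_exchange(tgt, service)
    unseal(sk, enc_ssk)  # client recovers the service session key
    return service_accept(service, ticket), ticket
```

Calling `run("alice", "correct horse", "http/web01")` returns the authenticated user name and the service ticket; a wrong password, a modified ticket or an expired ticket raises `ValueError` at the step that checks it.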
