Kerberos

Kerberos is a network authentication service that provides a means of verifying the identities of principals on physically insecure networks. Kerberos provides mutual authentication, data integrity, and privacy under the assumption that network traffic is vulnerable to capture, examination, and substitution.

A Kerberos principal is a unique identity that uses Kerberos authentication services. Kerberos verifies identities without relying on authentication by the host operating system, without basing trust on host addresses, and without requiring physical security of all the hosts on the network.

Kerberos tickets are credentials that verify your identity. There are two types of tickets: a ticket-granting ticket and a service ticket. The ticket-granting ticket is for your initial identity request. When logging in to a host system, you need something that verifies your identity, such as a password or a token. After you have the ticket-granting ticket, you use it to request service tickets for specific services. This two-ticket method is the trusted third-party model of Kerberos: your ticket-granting ticket authenticates you to the Kerberos server, and your service ticket is your secure introduction to the service.

The trusted third-party or intermediary in Kerberos is called the Key Distribution Center (KDC). The KDC issues all of the Kerberos tickets to the clients.
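The two-ticket exchange described above (ticket-granting ticket from the KDC, then a service ticket, then the introduction to the service) as an added, simplified Python model; this is example code written for this page, not part of any Kerberos implementation. It assumes a toy HMAC-based authenticated encryption in place of real Kerberos encryption types, a JSON ticket layout instead of ASN.1, and constructed principal names and passwords; what it preserves is the structure of the protocol: the client never sends its password, the TGT is sealed under a key only the KDC holds, the service ticket is sealed under the service's key, and each step proves possession of the previous step's session key.

```python
import hashlib, hmac, json, os, time

TICKET_LIFETIME = 8 * 3600   # seconds a ticket stays valid (constructed value)
CLOCK_SKEW = 300             # tolerated authenticator age (constructed value)

# Toy authenticated encryption built from HMAC-SHA256 (stand-in for Kerberos
# encryption types): HMAC keystream XOR plaintext, then an HMAC tag over it.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def derive_key(password, principal):
    # stand-in for Kerberos string-to-key: the client and KDC derive the same key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10000)

def _check_authenticator(ticket, authenticator):
    """Authenticator must open under the ticket's session key and be fresh."""
    if time.time() > ticket["expires"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(ticket["key"])
    auth = decrypt(session_key, authenticator)
    if auth["client"] != ticket["client"] or abs(time.time() - auth["timestamp"]) > CLOCK_SKEW:
        raise ValueError("authenticator rejected")
    return session_key, auth

class KDC:
    """Key Distribution Center: knows every principal's long-term key."""
    def __init__(self, keys):
        self.keys = dict(keys)
        self.keys["krbtgt"] = os.urandom(32)   # key that seals ticket-granting tickets

    def as_exchange(self, client):
        """AS exchange: issue a TGT; only the holder of the client key can read the reply."""
        session_key = os.urandom(32)
        tgt = encrypt(self.keys["krbtgt"], {"client": client, "key": session_key.hex(),
                                           "expires": time.time() + TICKET_LIFETIME})
        return encrypt(self.keys[client], {"key": session_key.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt, authenticator, service):
        """TGS exchange: validate the TGT and authenticator, issue a service ticket."""
        t = decrypt(self.keys["krbtgt"], tgt)
        session_key, _ = _check_authenticator(t, authenticator)
        svc_key = os.urandom(32)
        ticket = encrypt(self.keys[service], {"client": t["client"], "key": svc_key.hex(),
                                             "expires": time.time() + TICKET_LIFETIME})
        return encrypt(session_key, {"service": service, "key": svc_key.hex(),
                                     "ticket": ticket.hex()})

class Client:
    def __init__(self, name, password):
        self.name, self.long_term = name, derive_key(password, name)
        self.tgt = self.tgt_key = None

    def login(self, kdc):
        rep = decrypt(self.long_term, kdc.as_exchange(self.name))   # wrong password -> ValueError
        self.tgt, self.tgt_key = bytes.fromhex(rep["tgt"]), bytes.fromhex(rep["key"])

    def authenticator(self, key):
        return encrypt(key, {"client": self.name, "timestamp": time.time()})

    def get_service_ticket(self, kdc, service):
        rep = decrypt(self.tgt_key,
                      kdc.tgs_exchange(self.tgt, self.authenticator(self.tgt_key), service))
        return bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["key"])

class Service:
    def __init__(self, key):
        self.key = key   # the service's own long-term key (its keytab entry)

    def ap_exchange(self, ticket, authenticator):
        """AP exchange: open the ticket, check the authenticator, prove own identity back."""
        t = decrypt(self.key, ticket)
        svc_key, auth = _check_authenticator(t, authenticator)
        # mutual authentication: only a holder of the service key can echo the timestamp
        return t["client"], encrypt(svc_key, {"timestamp": auth["timestamp"]})

def demo(password="correct horse"):
    """Full login -> service ticket -> service access; returns the authenticated name."""
    host_key = os.urandom(32)    # constructed service key shared by KDC and service
    kdc = KDC({"alice": derive_key("correct horse", "alice"), "host/server.example": host_key})
    alice = Client("alice", password)
    alice.login(kdc)
    ticket, svc_key = alice.get_service_ticket(kdc, "host/server.example")
    who, ap_rep = Service(host_key).ap_exchange(ticket, alice.authenticator(svc_key))
    decrypt(svc_key, ap_rep)     # client side of mutual authentication
    return who

if __name__ == "__main__":
    print("service authenticated:", demo())
```

Running `demo()` returns `"alice"`; calling it with a wrong password raises `ValueError` at `login`, because the AS reply only opens under the key derived from the correct password, so the KDC never needs to see the password itself. The same integrity check is what stops a captured ticket from being altered or a captured authenticator from being replayed outside the clock-skew window.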