Kerberos Overview


Description

Kerberos is a network authentication protocol developed by the Massachusetts Institute of Technology (MIT). The Kerberos protocol uses secret-key cryptography to provide secure communications over a non-secure network. Primary benefits are strong encryption and single sign-on (SSO).

Kerberos relies on a trusted third-party server known as the Key Distribution Center (KDC). Each user and service on the network is a principal.

The KDC has three main components:

  • An authentication server that performs the initial authentication and issues ticket-granting tickets for users.
  • A ticket-granting server that issues service tickets that are based on the initial ticket-granting tickets.
  • A principals database of secret keys for all the users and services that it maintains.

Kerberos uses cryptographic tickets to avoid transmitting plaintext passwords. User principals obtain ticket-granting tickets from the Kerberos KDC and present those tickets as their network credentials to gain access to IBM® Streams services and interfaces.
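
The ticket flow described above, as an added Python sketch that is not IBM or MIT code: a toy KDC with the three components, showing that the password is used only on the client to open the KDC's reply. Assumptions: the `streams-svc` principal and all secrets are constructed, the `seal`/`unseal` cipher is a stand-in for a real Kerberos encryption type, and authenticators, timestamps and ticket lifetimes are left out.

```python
import hashlib, hmac, json, os

def derive_key(password, principal):
    # Toy string-to-key; real Kerberos uses the negotiated enctype's function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption (hash keystream + HMAC), a stand-in for a Kerberos enctype.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, principals):
        # Principals database: one long-term secret key per user and service.
        self.db = {name: derive_key(pw, name) for name, pw in principals.items()}

    def authenticate(self, user):
        # Authentication server: session key for the user, plus a TGT only the KDC can open.
        session = os.urandom(32).hex()
        tgt = seal(self.db["krbtgt"], {"client": user, "key": session})
        return seal(self.db[user], {"key": session}), tgt

    def grant(self, tgt, service):
        # Ticket-granting server: trusts the TGT, issues a ticket only the service can open.
        info, session = unseal(self.db["krbtgt"], tgt), os.urandom(32).hex()
        ticket = seal(self.db[service], {"client": info["client"], "key": session})
        return seal(bytes.fromhex(info["key"]), {"key": session}), ticket

def login_and_access(kdc, user, password, service):
    # Client side: the password is only used locally to open the KDC's reply.
    reply, tgt = kdc.authenticate(user)
    tgt_key = bytes.fromhex(unseal(derive_key(password, user), reply)["key"])
    reply, ticket = kdc.grant(tgt, service)
    client_key = unseal(tgt_key, reply)["key"]
    # Service side: opens the ticket with its own key, without contacting the KDC.
    seen = unseal(kdc.db[service], ticket)
    return seen["client"], seen["key"] == client_key

# Constructed sample principals and secrets (hypothetical names, not from the product).
SAMPLE = {"krbtgt": "kdc-secret", "alice": "correct horse", "streams-svc": "svc-secret"}
```

Calling `login_and_access(KDC(SAMPLE), "alice", "correct horse", "streams-svc")` returns the client name the service recovered from the ticket and whether both sides hold the same session key; a wrong password fails at the first `unseal` with `ValueError`.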