Kerberos is a network authentication protocol that allows users to securely access services over a physically insecure network. Kerberos, or MIT Kerberos, is also the name of this application. MIT Kerberos provides an easy interface to the Kerberos protocol.
In addition to providing secure access to services, Kerberos adds convenience by allowing you to sign on just once to use many network resources such as servers, hosts, or other services.
Kerberos gives you this convenience and security through the use of single sign on, mutual authentication, and secret key encryption.
|Single Sign On|
|Your Kerberos identity (your principal) and your password allow you to log on just once to access all of the servers, hosts, and other resources that use the Kerberos installation. No matter how many resources you use, you will not need to enter your password again.|
|Authentication is proof of identity. Any protocol or service that demands a password is authenticating the user. However, Kerberos provides mutual authentication, so in addition to proving your identity to the server, it proves that the server you are communicating with is what it claims to be. This protects you against phishing and spoofing.|
|Kerberos prevents malicious attempts to intercept your password by encrypting your password before transmitting it. In addition, once you and the server have proved your identities to each other, Kerberos uses secret-key cryptography to secure the rest of your communications. This helps maintain your privacy and the integrity of your data.|