Show Contents / Index / Search

Kerberos Overview

Kerberos is a protocol that uses a trusted third party to enable secure communications over a TCP/IP network. The protocol uses encrypted tickets rather than plain-text passwords for secure network authentication.

A user logs onto a workstation using a password (secret key) that is also known by a trusted third party, the Key Distribution Center (KDC). The KDC authenticates the user and issues a ticket-granting ticket (TGT) that lets the user request and obtain service tickets as needed to access kerberized servers for the lifetime of the TGT. In addition to authenticating the client, Kerberos connections can also be configured to authenticate the server and encrypt the data stream. A Kerberos security scheme involves the interaction of several components:

  • The Key Distribution Center (KDC), which authenticates users and issues tickets for kerberized services.
  • The kerberized server applications that users want to access. (Kerberized servers may be server daemons, telnetd, or ftpd running on host machines.)
  • The kerberized client applications that request authentication and allow the user to access server applications. Because most Reflection applications include Kerberos client services, we'll refer to them collectively as the Reflection Kerberos client throughout this document. (You can configure and manage Kerberos settings for the Reflection Kerberos client using Reflection Kerberos Manager. However, it isn't required.)

Data Encryption Standards

Reflection Kerberos supports the following data encryption standards:

  • DES (56-bit)
  • TripleDES (168-bit)

Related Topics

The Kerberos Authentication Process