Building Kerberos-Based Secure Services Using Metro
Source: Sun Microsystems
Kerberos is a network authentication service developed as part of Project Athena at the Massachusetts Institute of Technology. The protocol is named after Cerberus, known in Greek mythology as the three-headed monstrous dog who guards Hades. Kerberos assumes that network connections, rather than servers, are the weak links in network security, and so interactions between hosts and clients should be encrypted. Kerberos uses a trusted third party, termed a Key Distribution Center (KDC), which consists of two separate logical parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). The KDC maintains a database of secret keys. Each entity in the network, whether it's a client or a server, shares a secret key known only to itself and to the KDC.