Kerberos.html
* created: 2026-05-26T19:40
* modified: 2026-06-15T19:09
title
Title
description
Description
related notes
Kerberos
A protocol that represents one of the first single sing-on systems. The goals
of this protocol are:
- Transparency: The user is not required to interface with the service after the initial authentication.
- Reliability: The service has to have a high availability.
- Security: An attacker is not able to obtain unauthorized access.
- Scalability: The system can be extended with new user or resources at any time.
To achieve the secure communication Kerberos uses an Symmetric encryption method:
\begin{align}
c &= E(m,K_1) \\
m &= D(c, K_2)
\end{align}
Architecture

- Client sends a request containing name and the requested resource to the ticket granting server. If the client is not already registered the requests goes to the key distribution server, which verifies the identity and generates a secret key and a session key.
- A follow-up request to the ticket granting server now first validates checks the validity of the key, before granting the client a ticket, which represents the authority to access a predetermined resource.
- The generated ticket can now be transmitted to the resource, which checks the validity of the ticket before granting access.
Key Distribution Center (KDC)
Responsible for the creation, distribution, and verification of keys, which represent the authenticity of a user.
Ticket Granting Server (TGS)
Responsible for the creation of so called tickets, which represent the authorization to access a resource.