Posted: Fri Jan 06, 2012 6:03 pm
by Prasanth
Kerberos is a security system that helps prevent people from stealing information that gets sent across the wires from one computer to another. Usually, these people are after your password.

The name "Kerberos" comes from the mythological three-headed dog whose duty it was to guard the entrance to the underworld. The Kerberos security system, on the other hand, guards electronic transmissions that get sent across the Internet. It does this by scrambling the information -- encrypting it -- so that only the computer that's supposed to receive the information can unscramble it. In addition, it makes sure that your password itself never gets sent across the wire: only a scrambled "key" to your password.

Kerberos is necessary because there are people who know how to tap the lines between computers and listen for your password. They do this with programs called "sniffers", and the only way to stop them would be to physically guard every inch of the Internet ... computers, cables and all. This, of course, is impossible. As long as there are physically insecure networks in the world, we'll need something like Kerberos to maintain the integrity and security of our electronic communications.

Kerberos gets its name from Greek mythology. Cerberus, also known as Kerberos, was a three-headed beast that guarded the Underworld and kept the living from entering the world of the dead. Kerberos protocol design began in the late 1980s at the Massachusetts Institute of Technology (MIT), as part of Project Athena. It is a secure authentication mechanism designed for distributed servers, which assumes the network is unsafe. It enables a client and a server to mutually authenticate before establishing a connection. The first public release was Kerberos version 4, which led to the current version (v5) in 1993 after a wide public review. It followed the IETF standards process and its specifications are defined in Internet RFC 1510. Originally designed for UNIX, it is now available for all major operating systems, either freely from MIT or through commercial versions.

The problem that Kerberos addresses is this: Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like servers to restrict access to authorized users and to be able to authenticate requests for service. In this environment, a workstation cannot be trusted to identify its users correctly to network services.
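
The idea in the post above that the password itself never crosses the wire, as an added example that is not part of the original post and is not Kerberos library code: the client proves it knows the password by keying a MAC over a timestamp, and the authentication server checks the proof, the clock skew and replays. It is a simplified sketch with assumed names (`derive_key`, `client_request`, `AuthServer`, `MAX_SKEW`); real Kerberos 5 encrypts the timestamp with the derived key rather than using an HMAC, and PBKDF2 stands in here for its string-to-key function.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds of clock difference tolerated (assumed value)


def derive_key(password: str, principal: str) -> bytes:
    """Long-term key derived from the password, salted with the principal name."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 100_000)


def client_request(principal: str, password: str, now: float) -> bytes:
    """Return the exact bytes the client sends: name, timestamp, keyed proof."""
    key = derive_key(password, principal)
    ts = str(int(now))
    proof = hmac.new(key, ts.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"principal": principal, "ts": ts, "proof": proof}).encode()


class AuthServer:
    """Holds each principal's derived key and verifies incoming proofs."""

    def __init__(self):
        self.keys = {}     # principal -> long-term key
        self.seen = set()  # (principal, ts) pairs already accepted

    def enroll(self, principal: str, password: str) -> None:
        self.keys[principal] = derive_key(password, principal)

    def verify(self, wire: bytes, now: float) -> bool:
        msg = json.loads(wire)
        key = self.keys.get(msg["principal"])
        if key is None:
            return False  # unknown principal
        if abs(now - int(msg["ts"])) > MAX_SKEW:
            return False  # stale: a sniffed message cannot be reused later
        if (msg["principal"], msg["ts"]) in self.seen:
            return False  # replay inside the skew window
        expected = hmac.new(key, msg["ts"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["proof"]):
            return False  # wrong password produces a different key
        self.seen.add((msg["principal"], msg["ts"]))
        return True
```
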