6.7.1 Kerberos Overview

Kerberos is a network authentication protocol that relies on a trusted third party to authenticate clients and servers to each other over a TCP/IP network. Instead of sending passwords across the network, the protocol issues encrypted, time-limited tickets that prove the holder's identity to the services it contacts.

A user logs onto a workstation with a password; a secret key derived from that password is also held by the trusted third party, the Key Distribution Center (KDC). The KDC authenticates the user and issues a ticket-granting ticket (TGT). For the lifetime of the TGT, the user can present it to the KDC to obtain service tickets for kerberized servers as needed, without re-entering the password. In addition to authenticating the client, Kerberos connections can also be configured to authenticate the server (mutual authentication) and to encrypt the data stream. A Kerberos security scheme involves the interaction of several components:

  • The Key Distribution Center (KDC), which authenticates users and issues tickets for kerberized services.

  • The kerberized server applications that users want to access. (Kerberized servers are typically daemons such as telnetd or ftpd running on host machines.)

  • The kerberized client applications that request authentication and allow the user to access server applications. We'll refer to them collectively as the Kerberos client throughout this document. (You can configure and manage Kerberos settings for the Kerberos client using Kerberos Manager, but this isn't required.)
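The exchange described above, as an added example that is not part of this documentation or of the Micro Focus product: a self-contained simulation of the three Kerberos exchanges (AS, TGS, AP) in which the KDC, the client, and a kerberized server are separate functions that communicate only by passing encrypted tickets. The cipher is a toy encrypt-then-MAC built from the standard library (an assumption standing in for a real encryption type such as DES or 3DES), the realm EXAMPLE.COM, the user alice, and the service ftp/host.example.com are constructed sample data, and the skew window and ticket lifetime are illustrative values. It shows what the paragraph only states: the password never leaves the workstation, the TGT is opaque to the client, the server verifies the service ticket with its own key and never contacts the KDC, and a wrong password or an expired TGT is rejected.

```python
import hashlib, hmac, json, secrets

# --- toy crypto (assumed; NOT a real Kerberos enctype such as DES or 3DES) ---
def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object; stands in for Kerberos EncryptedData."""
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, len(pt))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct)))))

def string_to_key(password: str, realm: str, principal: str) -> bytes:
    # The password itself is never transmitted; client and KDC both derive the
    # same key from it. Salting with realm+principal mirrors the Kerberos default salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 10_000)

SKEW = 300  # seconds of clock skew tolerated on authenticators (illustrative)

def _check_authenticator(session_key: bytes, authenticator: bytes, client: str, now: int) -> None:
    a = decrypt(session_key, authenticator)   # proves possession of the session key
    if a["client"] != client or abs(now - a["time"]) > SKEW:
        raise PermissionError("authenticator does not match ticket or is stale")

class KDC:
    """Trusted third party: holds every principal's long-term key, issues TGTs and service tickets."""
    def __init__(self, realm: str):
        self.realm = realm
        self.keys = {"krbtgt/" + realm: secrets.token_bytes(32)}   # key that seals TGTs

    def add_user(self, name: str, password: str) -> None:
        self.keys[name] = string_to_key(password, self.realm, name)

    def add_service(self, name: str, key: bytes) -> None:
        self.keys[name] = key   # the kerberized server holds the same key (its keytab)

    def as_exchange(self, client: str, now: int, lifetime: int = 8 * 3600):
        """AS-REQ -> AS-REP. Without pre-authentication the KDC answers any request;
        only the holder of the client's key can read the reply and use the session key."""
        session = secrets.token_bytes(32)
        tgt = encrypt(self.keys["krbtgt/" + self.realm],
                      {"client": client, "key": session.hex(), "expires": now + lifetime})
        enc_part = encrypt(self.keys[client], {"key": session.hex(), "expires": now + lifetime})
        return enc_part, tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """TGS-REQ -> TGS-REP: open the TGT (only the KDC can), check its lifetime and the
        authenticator, then issue a service ticket sealed with the service's key."""
        t = decrypt(self.keys["krbtgt/" + self.realm], tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        session = bytes.fromhex(t["key"])
        _check_authenticator(session, authenticator, t["client"], now)
        svc_session = secrets.token_bytes(32)
        ticket = encrypt(self.keys[service],
                         {"client": t["client"], "key": svc_session.hex(), "expires": t["expires"]})
        return encrypt(session, {"key": svc_session.hex()}), ticket

# --- Kerberos client side (the workstation) ---
def login(kdc: KDC, name: str, password: str, now: int) -> dict:
    enc_part, tgt = kdc.as_exchange(name, now)
    creds = decrypt(string_to_key(password, kdc.realm, name), enc_part)  # wrong password fails here
    return {"name": name, "tgt": tgt, "session": bytes.fromhex(creds["key"])}   # credential cache

def get_service_ticket(kdc: KDC, cc: dict, service: str, now: int):
    authenticator = encrypt(cc["session"], {"client": cc["name"], "time": now})
    enc_part, ticket = kdc.tgs_exchange(cc["tgt"], authenticator, service, now)
    return ticket, bytes.fromhex(decrypt(cc["session"], enc_part)["key"])

# --- kerberized server side (AP-REQ check; the server never contacts the KDC) ---
def accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> str:
    t = decrypt(service_key, ticket)
    if now > t["expires"]:
        raise PermissionError("service ticket expired")
    _check_authenticator(bytes.fromhex(t["key"]), authenticator, t["client"], now)
    return t["client"]

def demo(now: int = 1_700_000_000) -> dict:
    kdc = KDC("EXAMPLE.COM")                       # constructed sample realm and principals
    kdc.add_user("alice", "correct horse")
    ftp_key = secrets.token_bytes(32)
    kdc.add_service("ftp/host.example.com", ftp_key)
    cc = login(kdc, "alice", "correct horse", now)
    ticket, svc_session = get_service_ticket(kdc, cc, "ftp/host.example.com", now + 60)
    who = accept(ftp_key, ticket, encrypt(svc_session, {"client": "alice", "time": now + 61}), now + 61)
    try:
        login(kdc, "alice", "wrong password", now); wrong_pw = "accepted"
    except ValueError:
        wrong_pw = "rejected"
    try:
        get_service_ticket(kdc, cc, "ftp/host.example.com", now + 9 * 3600); expired = "accepted"
    except PermissionError:
        expired = "rejected"
    return {"authenticated_as": who, "wrong_password": wrong_pw, "expired_tgt": expired}

if __name__ == "__main__":
    print(demo())
```

Because the KDC in this model answers an AS-REQ before verifying anything (classic Kerberos without pre-authentication), the wrong password is only detected when the client fails to decrypt the reply; real deployments add pre-authentication so the KDC rejects the request instead, but the ticket flow between the three parties is the same.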

Data Encryption Standards

Micro Focus Kerberos supports the following data encryption standards:

  • DES (56-bit key)

  • TripleDES (168-bit key; roughly 112 bits of effective strength)

Both are legacy ciphers. Single DES is brute-forceable with modern hardware and was formally deprecated for Kerberos by RFC 6649; TripleDES was deprecated by RFC 8429. Where the KDC and both endpoints support a stronger encryption type, prefer it, and treat these types as a compatibility fallback only.