Kerberos is a client-server authentication protocol that enables mutual authentication – both the user and the server verify each other’s identity – over non-secure network connections. The protocol is resistant to eavesdropping and replay attacks, and requires a trusted third party.
The Kerberos protocol uses a symmetric key derived from the user password to securely exchange a session key for the client and server to use. A server component is known as a Ticket Granting Service (TGS) then issues a security token (AKA Ticket-Granting-Ticket TGT) that can be later used by the client to gain access to different services provided by a Service Server.
Kerberos is a client-server authentication protocol that works over unsecured connections.
Kerberos uses the client/user password to derive an initial encryption key that allows for the secure exchange of a session key. Once a secure connection is established the authentication server issues a ticket-granting-ticket (TGT) that can be used by the client to request access to protected services.
Windows 2000 and later use Kerberos as its default authentication method. Kerberos is used by Active Directory Domain Services (i.e. Domain Controller) as the default authentication protocol when joining a client to a Windows domain.
Kerberos is a mutual authentication protocol.