Kerberos

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client-server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

Kerberos builds on symmetric-key cryptography and requires a trusted third party; it may optionally use public-key cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.

https://en.wikipedia.org/wiki/Kerberos_(protocol)#Drawbacks_and_limitations

Glossary

  • AS: Authentication Server
  • KDC: Key Distribution Center
  • SPN: Service Principal Name
  • TGS: Ticket Granting Server