Kerberos Authentication


By Dan DiNicolo, May 15th, 2007. Posted in CCDA Study Guide.




Kerberos is another network authentication protocol supported by Cisco IOS. It was originally developed by MIT and is standardized in RFC 1510. Unlike TACACS+ and RADIUS, Kerberos supports only authentication, not authorization or accounting.

Kerberos authentication works according to a three-headed model, which has proven to be a very secure method of providing authentication services. This model is made up of three main elements: clients, services, and Key Distribution Centers (KDCs). When a Kerberos client attempts to log on, a request is passed to the KDC. The KDC encrypts what is known as a ticket-granting ticket (TGT) and passes it back to the client. The client's supplied password is used to decrypt the ticket, which validates the user. Next, when the user attempts to gain access to a service (which could be telnet on a Cisco router), the client passes its TGT (which shows the user is authenticated) back to the KDC, asking for a ticket to that service. Once the KDC supplies the ticket, the client can access the service in question. In this way, the KDC acts as a trusted third party, providing authentication services between clients and network services.
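The exchange described above can be traced in a small simulation. This is an added example, not code from the original article or from Cisco or MIT: the class and function names are hypothetical, the cipher is a toy built from the Python standard library rather than a real Kerberos encryption type, and the per-service session key and pre-authentication are left out. It models the KDC's reply as a session key sealed under the password-derived key plus a TGT sealed under a key only the KDC holds, so the password itself never crosses the network.

```python
import hashlib, hmac, json, os, time

def str2key(password, salt):
    # Stand-in for Kerberos string-to-key (toy parameters, an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def seal(key, obj):
    # Toy authenticated encryption: SHAKE-256 keystream plus HMAC tag.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))
    return json.loads(pt)

class KDC:
    def __init__(self, users, services):
        self.users = {u: str2key(p, u) for u, p in users.items()}
        self.services = services        # service name -> long-term key shared with KDC
        self.tgs_key = os.urandom(32)   # known only to the KDC

    def as_request(self, user):
        # Logon: the reply is readable only with the user's password-derived key.
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "sk": sk, "exp": time.time() + 3600})
        return seal(self.users[user], {"sk": sk}), tgt

    def tgs_request(self, tgt, authenticator, service):
        # Service request: the TGT plus proof of knowing its session key.
        t = unseal(self.tgs_key, tgt)
        sk = bytes.fromhex(t["sk"])
        if t["exp"] < time.time() or unseal(sk, authenticator)["user"] != t["user"]:
            raise ValueError("TGT expired or authenticator mismatch")
        return seal(self.services[service], {"user": t["user"], "exp": t["exp"]})

def login_and_get_ticket(kdc, user, password, service):
    reply, tgt = kdc.as_request(user)
    # A wrong password fails here: the client cannot recover the session key.
    sk = bytes.fromhex(unseal(str2key(password, user), reply)["sk"])
    return kdc.tgs_request(tgt, seal(sk, {"user": user, "ts": time.time()}), service)

def service_accepts(service_key, ticket):
    # The service trusts the ticket because only the KDC shares its key.
    t = unseal(service_key, ticket)
    return t["user"] if t["exp"] > time.time() else None
```

The service never contacts the KDC or sees the password; it accepts the user solely because the ticket decrypts and verifies under the key it shares with the KDC.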
















Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.




