Kerberos (a name which refers to the three-headed dog Cerberus, guarding the gates to hell in Greek and Roman mythology) is a network authentication protocol. Originally developed at MIT and later most popularly adopted by Microsoft for use with Active Directory, Kerberos allows a user to authenticate once, against a Kerberos server, receive an authentication ticket and present session tickets generated from that to network services, avoiding the need to authenticate to each network service individually. As such, Kerberos is a cryptographically secure form of single sign-on.

Wikipedia has a clear description of the Kerberos protocol. Kerberos is subject to a number of formal standards, most notably IETF RFC 1510.
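
The single sign-on flow described above, as an added Python sketch that is not part of the original page or of any Kerberos implementation: the user's key is needed once at login, and the resulting ticket is then exchanged for per-service tickets that each service checks with its own key. The principal names, the keys and the `seal`/`unseal` toy cipher are constructed stand-ins for real Kerberos encryption types, and authenticators and pre-authentication are omitted.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption (illustration only), standing in for a Kerberos enctype."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, keys):
        self.keys = keys  # principal -> long-term key (constructed sample values)

    def login(self, user):
        # Authenticate once: the reply is readable only by the holder of the user's key.
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "sk": sk, "exp": time.time() + 600})
        return tgt, seal(self.keys[user], {"sk": sk})

    def service_ticket(self, tgt, service):
        # No password here: the ticket issued at login is the proof of identity.
        t = unseal(self.keys["krbtgt"], tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "sk": sk, "exp": t["exp"]})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": sk})

def service_accepts(service_key, ticket):
    # The service never sees the user's key; it trusts what its own key can unseal.
    t = unseal(service_key, ticket)
    if t["exp"] < time.time():
        raise ValueError("ticket expired")
    return t["user"]

def demo():
    keys = {p: hashlib.sha256(p.encode()).digest() for p in ("krbtgt", "alice", "http/web", "cifs/files")}
    kdc = KDC(keys)
    tgt, reply = kdc.login("alice")
    unseal(keys["alice"], reply)  # the only step that uses alice's own key
    return [service_accepts(keys[s], kdc.service_ticket(tgt, s)[0]) for s in ("http/web", "cifs/files")]
```
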
