NetID Login Service: Kerberos
The Kerberos component of the NetID Login Service is the core of all NetID authentication at UW-Madison. All other components (WebISO and RADIUS) are built on top of Kerberos.
Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication purposes the KDC generates a session key which communicating parties use to encrypt their transmissions. [1]
The security of the protocol relies heavily on short-lived assertions of authenticity called Kerberos tickets.
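The key relationships described above, as an added sketch that is not code from this page or from the NetID service: a KDC holding each principal's secret issues a session key and a short-lived ticket, and the service accepts the client only if the ticket opens under its own key, has not expired, and the client proves knowledge of the session key. Assumptions: the AS and TGS are collapsed into one `issue` call, `seal`/`unseal` are a toy SHA-256/HMAC construction standing in for a real Kerberos encryption type, and the principal names `alice` and `webiso` are constructed.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):  # toy keystream: SHA-256 in counter mode
    return b"".join(hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC; an assumed stand-in for a real Kerberos enctype."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self):
        self.keys = {}  # principal -> long-term secret shared only with the KDC
    def register(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]
    def issue(self, client, service, now, lifetime=300):
        session_key = os.urandom(32).hex()
        ticket = seal(self.keys[service],  # readable only by the service
                      {"client": client, "key": session_key, "expires": now + lifetime})
        reply = seal(self.keys[client], {"service": service, "key": session_key})  # for the client
        return reply, ticket

def client_request(client, client_key, reply, now):
    session_key = bytes.fromhex(unseal(client_key, reply)["key"])
    return seal(session_key, {"client": client, "time": now})  # authenticator

def service_accept(service_key, ticket, authenticator, now):
    t = unseal(service_key, ticket)  # fails unless the KDC sealed it for this service
    if now > t["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves session-key knowledge
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]

def demo(now=1_000_000):  # constructed principals "alice" and "webiso"
    kdc = KDC()
    alice_key, web_key = kdc.register("alice"), kdc.register("webiso")
    reply, ticket = kdc.issue("alice", "webiso", now)
    auth = client_request("alice", alice_key, reply, now)
    return service_accept(web_key, ticket, auth, now + 60)
```

The sketch omits the replay cache and clock-skew checks a real service applies to the authenticator timestamp.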
As a service, Kerberos is fairly new. If you think your application or service might take advantage of Kerberos, please contact firstname.lastname@example.org.

[1] Kerberos (protocol). (2011, November 4). In Wikipedia, The Free Encyclopedia. Retrieved 04:04, November 9, 2011, from http://en.wikipedia.org/w/index.php?title=Kerberos_(protocol)&oldid=458928830