NetID Login Service: Kerberos

The Kerberos component of the NetID Login Service is the core of all NetID authentication at UW-Madison. All other components (WebISO and RADIUS) are built on top of Kerberos.


Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication purposes the KDC generates a session key which communicating parties use to encrypt their transmissions.¹

The security of the protocol relies heavily on short-lived assertions of authenticity called Kerberos tickets.
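The exchange described above, as an added Python sketch that is not code from the NetID Login Service or from any Kerberos implementation: the AS and TGS each hand out a short-lived ticket sealed under the target's long-term key, and the session key is returned sealed under a key only the client holds. The principal names (`krbtgt` and the ones passed in by the caller), the 300-second lifetime and the `seal`/`unseal` toy cipher (a SHA-256 keystream with HMAC, standing in for real Kerberos encryption types) are assumptions. Pre-authentication, authenticator timestamps and the replay cache are left out.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a toy keystream (NOT a real Kerberos enctype)
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def open_ticket(key, ticket, authenticator, now):
    t = unseal(key, ticket)                  # only the holder of `key` can read the ticket
    if now > t["exp"]:
        raise ValueError("ticket expired")   # tickets are short-lived assertions
    session = bytes.fromhex(t["key"])
    if unseal(session, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator mismatch")
    return t["client"], session

class KDC:
    def __init__(self, keys, lifetime=300):
        self.keys, self.lifetime = keys, lifetime   # principal -> long-term secret key
    def _issue(self, client, target, reply_key, now):
        session = os.urandom(16).hex()              # fresh session key per ticket
        ticket = seal(self.keys[target], {"client": client, "key": session, "exp": now + self.lifetime})
        return ticket, seal(reply_key, {"key": session, "for": target})
    def as_req(self, client, now):                  # Authentication Server
        return self._issue(client, "krbtgt", self.keys[client], now)
    def tgs_req(self, tgt, authenticator, service, now):   # Ticket Granting Server
        client, session = open_ticket(self.keys["krbtgt"], tgt, authenticator, now)
        return self._issue(client, service, session, now)

def login(kdc, client, client_key, service, now):
    tgt, reply = kdc.as_req(client, now)
    k_tgs = bytes.fromhex(unseal(client_key, reply)["key"])   # fails without the client's key
    ticket, reply = kdc.tgs_req(tgt, seal(k_tgs, {"client": client}), service, now)
    k_svc = bytes.fromhex(unseal(k_tgs, reply)["key"])
    return ticket, seal(k_svc, {"client": client})
```

The service validates what `login` returns by calling `open_ticket` with its own long-term key; the client's secret never crosses the network, and a ticket presented after its `exp` time is rejected.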

As a service, Kerberos is fairly new. If you think your application or service might take advantage of Kerberos, please contact

¹ Kerberos (protocol). (2011, November 4). In Wikipedia, The Free Encyclopedia. Retrieved 04:04, November 9, 2011, from

Keywords: netid login service kerberos desktop authentication kiosk
Doc ID: 20290
Owner: Ryan L.
Group: Access Management Services
Created: 2011-09-15 13:40 CST
Updated: 2014-10-14 09:18 CST
Sites: Access Management Services, DoIT Help Desk, Middleware