NetID Login Service: Kerberos

The Kerberos component of the NetID Login Service is the core of all NetID authentication at UW-Madison. All other components are built on top of Kerberos (WebISO and RADIUS)


Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication purposes the KDC generates a session key which communicating parties use to encrypt their transmissions.1

The security of the protocol relies heavily on short-lived assertions of authenticity called Kerberos tickets.

As a service, Kerberos is fairly new. If you think your application or service might take advantage of Kerberos, please contact

1Kerberos (protocol). (2011, November 4). In Wikipedia, The Free Encyclopedia. Retrieved 04:04, November 9, 2011, from

Keywords:netid login service kerberos desktop authentication kiosk   Doc ID:20290
Owner:Ryan L.Group:Access Management Services
Created:2011-09-15 14:40 CDTUpdated:2014-10-14 10:18 CDT
Sites:Access Management Services, DoIT Help Desk, Middleware
Feedback:  2   0