Kerberos is a network authentication protocol created by MIT which uses
secret-key cryptography to secure passwords over the network. Encrypting
passwords with Kerberos can help to thwart unauthorized users trying to
intercept passwords on the network, thus adding an extra layer of system
security.
Most conventional network systems use password-based authentication
schemes. When a user needs to authenticate to a service running on a
network server, they type in their password for each service that
requires authentication. Their password is sent over the network, and
the server verifies their identity using the password.
However, the transmission of password information in some authenticated
services is done in clear text. Any system cracker with access to
the network and a packet analyzer, also known as a packet sniffer, can
intercept any passwords sent in this manner.
The primary design goal of Kerberos is to eliminate the
clear-text passwords transfered across a network. The
proper use of Kerberos dramatically lessens the threat of packet
sniffers intercepting passwords on your network .
