Kerberos

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses UDP port 88 by default

At least two implementations are available, [Heimdal]( https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/).

OpenSSH implements Kerberos support since early versions.

• Binaries: ktutil, klist, kinit

A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides.

Configuration files

• /etc/krb5.conf^[1]

Commands

• kinit admin
• klist

Activities

1. Install Kerberos KDC Server and Client in Linux: apt install krb5-kdc krb5-admin-server krb5-config -y^[2]
2. Understand why time synchronization and DNS plays an important role in order to work KDC properly^[3]
3. Read about SPNEGO

Related terms

• FreeIPA
• kpasswd port 464
• SPAKE

See also

• AAA, Kerberos, KDC, kinit, klist, ktutil, /etc/krb5.conf, krb5-workstation, pam_krb5
• AAA: Authc, Authz, Password policy, OAuth, OpenID, OIDC, LDAP, RADIUS, TACACS+, XTACACS, SAML, Secure LDAP, IEEE 802.1X, CHAP, RBAC, MFA, SCIM, Amazon Cognito
• OpenSSH: ssh-keygen