Get your free and exclusive +30-page Authentication Analytics Whitepaper
Back to Overview

What is Kerberos?

Learn how Kerberos enables secure, passwordless authentication with ticket-based access and single sign-on, ensuring seamless & protected network communication.

Vincent Delitz
Vincent Delitz

Created: January 2, 2025

Updated: May 12, 2026

Kerberos banner

What is Kerberos?#

Kerberos is a network authentication protocol developed at MIT in the 1980s to enhance secure communication over untrusted networks. It ensures secure user and service authentication without transmitting passwords directly, leveraging symmetric key cryptography and a trusted third party known as the Key Distribution Center (KDC).

Key Features of Kerberos#
  • Passwordless Authentication: Employs strong, time-limited secret-key cryptography instead of relying on passwords.
  • Single Sign-On (SSO): Users authenticate once to gain access to multiple services without repeated credential entries.
  • Mutual Authentication: Verifies the identities of both users and servers, ensuring trusted communication.
  • Ticket-based System: Uses encrypted, time-limited tickets containing user identity information for authentication.

How Kerberos Works#
  1. Initial Authentication: The client requests an authentication ticket (TGT) from the KDC's Authentication Server (AS).
  2. Ticket Granting: The KDC validates credentials and returns an encrypted TGT and session key.
  3. Service Access: The client uses the TGT to request a service ticket from the Ticket Granting Server (TGS).
  4. Service Authentication: The service ticket is presented to the server, granting access upon verification.

Advantages of Kerberos#
  • Enhanced Security: Passwords are never transmitted over the network, reducing interception risks.
  • Centralized Authentication: Provides a single point for managing logins and enforcing security policies.
  • Scalability: Designed for large, distributed networks and integration with various operating systems.
Substack Icon

Subscribe to our Passkeys Substack for the latest news.

Subscribe

Applications of Kerberos#

Kerberos is widely used in:

  • Microsoft Windows Active Directory
  • UNIX and Linux systems
  • Single Sign-On (SSO) implementations
  • Network service security, including SSH, POP, and SMTP protocols.
Corbado

About Corbado

Corbado is the Authentication Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: where passkeys, passwords, OTP, social login and fallback journeys succeed, stall or fail, which devices and browsers create friction, and when an OS update silently breaks login. Two products: Corbado Observe layers process mining and observability across authentication journeys. Corbado Connect adds managed passkeys with analytics built in alongside your IDP. VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert

See what's really happening in your passkey rollout.

Explore the Console

Share this article

LinkedInTwitterFacebook

Table of Contents

Related Terms

Related Articles

Passkeys and Single Sign-On (SSO)

Passkeys and Single Sign-On (SSO)

Janina - November 16, 2022

B2C Authentication is Broken: Here's Why

B2C Authentication is Broken: Here's Why

Vincent Delitz - June 13, 2024

Checkout Conversion Rate: Fix Login Step Drop‑Off

Checkout Conversion Rate: Fix Login Step Drop‑Off

Vincent Delitz - November 23, 2022