About Kerberos
Kerberos authentication system consists of the following:
A Kerberos client that needs to access and use Kerberos services.
A trusted third-party system, specifically a key distribution center (KDC).
A server that hosts services that are accessible using Kerberos authentication.
Kerberos authentication consists of the following phases:
1. Authentication phase. Client authenticates itself to the authentication service and requests a long-term ticket granting ticket (TGT).
2. Service authorization phase. Client uses the TGT to request a ticket for the specific service it wants to invoke.
3. Service invocation phase. Client sends the request to invoke the target service, including the service ticket obtained in the service authorization phase. If the server hosting the requested service authenticates the service ticket, the server invokes the requested service.