Kerberos network authentication
Kerberos is a network authentication architecture that allows a single user to authenticate to a large number of services through a trusted third-party intermediary.
The modern definition of Kerberos is version 5, also known as krb5. Older versions of the protocol are strongly deprecated and have a number of known exploitable flaws. To be clear: these are flaws in the specifications of the older versions, not in any particular implementation. They cannot be fixed without discarding the older specifications, which is why we have krb5.
descriptions of how krb5 works
- a good, detail-oriented yet short overview of a full krb5 authentication session: very clear, concise, practical description
- MIT's papers about the Kerberos protocols: lots of interesting in-depth reading here, though much of it is old. Some of these papers have helped me (dkg) learn how to think about networked authentication and security.