Kerberos is a distributed authentication service that allows
a process (a client) running on behalf of a principal (a user) to
prove its identity to a verifier (an application server, or simply
a server) without sending data across the network that might allow
an attacker or the verifier to subsequently impersonate the principal.
Kerberos optionally provides integrity and confidentiality for data
sent between the client and server. [Neuman, Ts’o: Kerberos:
An Authentication Service for Computer Networks]
Kerberos was developed at the Massachusetts Institute of Technology (MIT).
Use of Kerberos in the CIFS environment provides significant
security improvements over the older NT LAN Manager (NTLM) protocol traditionally
used by CIFS clients and servers.