10 Important Kerberos Facts

You should read this list of Kerberos facts if you read nothing else in this article. Kerberos is an important protocol that’s sometimes misunderstood by administrators.

  1. Kerberos is an industry standard that was initially developed by MIT in the 1980’s. The current version, Kerberos 5, is defined in RFC 1510.
  2. If you log on to an Active Directory (AD) domain from a computer running Windows 2000 or later, you are probably relying on the Kerberos 5 authentication protocol to access a wide array of network resources, such as AD domain resources, file shares, print services, Microsoft IIS, and even resources protected by IPSec.
  3. Kerberos is currently the most secure authentication mechanism supported by AD.
  4. Kerberos is the best choice for most Microsoft Office SharePoint Server 2007 (MOSS) implementations in an intranet or extranet where users log on to an AD domain.
  5. Kerberos is the only Windows authentication protocol that provides constrained delegation (aka double-hop authentication) and protocol transition.
  6. Windows Integrated Authentication is a superset of the authentication protocols Kerberos and NTLM.
  7. Kerberos Digest and Basic authentication (augmented for security with TLS/SSL) protocols aren’t part of Windows Integrated Authentication but are available via the Security Support Provider Interface (SSPI) in Windows.
  8. Kerberos authentication to a Web site requires that your Microsoft browser be Microsoft Internet Explorer 5.0 or above. Mozilla Firefox and other browsers also support Kerberos authentication.
  9. Kerberos works for both password-based and smart card-enabled authentication.
  10. In Greek mythology, Kerberos/Cerberus was the Greek god, Hades’, watchdog-a threeheaded canine that guarded the gates of the underworld.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.