# Kerberos

Basically, Kerberos comes down to just this:

* a protocol for authentication
* uses **tickets** to authenticate
* avoids storing passwords locally or sending them over the internet
* involves a trusted 3rd-party (**KDC**)
* built on symmetric-key cryptography

Pictorially:

![Kerberos](https://3988450783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWVjG_njKgBtvmnKaJh%2Fuploads%2F8gcN6lwSfA3zkHUJ0s16%2FKerberos.png?alt=media\&token=58c70bce-9a7e-4b1c-bc83-b6a837515c51)

Terms:

* **AS-REQ:** Authentication Service Request
* **AS-REP:** Authentication Service Response
* **TGS-REQ:** Ticket Granting Service Request
* **TGS-REP:** Ticket Granting Service Response

## Reference

{% embed url="<https://www.roguelynn.com/words/explain-like-im-5-kerberos/>" %}
Explain like I'm 5: Kerberos - roguelynn
{% endembed %}