
Kerberos


June 8, 2026

Kerberos is a network authentication protocol that verifies the identity of users and services using secret-key cryptography and time-limited tickets issued by a trusted third party called the Key Distribution Center (KDC). It lets two parties prove their identity over a non-secure network without sending passwords across it, and it is the default authentication protocol inside Microsoft Active Directory domains.

How Kerberos works

  • The user authenticates once to the KDC and receives a Ticket Granting Ticket (TGT).
  • To reach a service, the user presents the TGT to the KDC and requests a service ticket.
  • The KDC issues a time-limited service ticket for that specific resource.
  • The service validates the ticket without contacting the KDC directly.
  • Tickets expire automatically, which limits the window for misuse.
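
The five steps above as a simplified model, added here as an illustration (it is not part of the original glossary entry and is not real Kerberos code). Assumptions: tickets are HMAC-SHA256-sealed JSON instead of encrypted Kerberos structures, session keys and authenticators are omitted, and every key, principal name, lifetime and function name is constructed for the demo.

```python
import hashlib, hmac, json

# Constructed long-term keys, known only to the KDC and to each principal.
KEYS = {"krbtgt": b"kdc-demo-key", "alice": b"alice-demo-key",
        "fileserver": b"fs-demo-key", "intranet": b"web-demo-key"}

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode()

def seal(key, claims):
    """Serialize claims and append an HMAC tag computed under key."""
    body = json.dumps(claims, sort_keys=True)
    return body + "." + _tag(key, body.encode()).decode()

def unseal(key, ticket, now):
    """Return claims if the tag verifies and the ticket is unexpired, else None."""
    body, _, tag = ticket.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(key, body.encode())):
        return None
    claims = json.loads(body)
    return claims if now < claims["exp"] else None

def client_proof(user, ts):
    """Client side of step 1: prove key possession by tagging a timestamp."""
    return _tag(KEYS[user], str(ts).encode()).decode()

def kdc_as(user, ts, proof, now, lifetime=600, skew=300):
    """Step 1: verify the proof (no password on the wire) and issue a TGT."""
    if user not in KEYS or abs(now - ts) > skew:
        return None
    if not hmac.compare_digest(proof.encode(), client_proof(user, ts).encode()):
        return None
    return seal(KEYS["krbtgt"], {"user": user, "exp": now + lifetime})

def kdc_tgs(tgt, service, now, lifetime=300):
    """Steps 2-3: exchange a valid TGT for a ticket bound to one service."""
    claims = unseal(KEYS["krbtgt"], tgt, now)
    if claims is None or service not in KEYS:
        return None
    exp = min(claims["exp"], now + lifetime)  # never outlive the TGT
    return seal(KEYS[service], {"user": claims["user"], "svc": service, "exp": exp})

def service_accept(service, ticket, now):
    """Step 4: the service checks the ticket with its own key, no KDC call."""
    claims = unseal(KEYS[service], ticket, now)
    if claims is None or claims.get("svc") != service:
        return None
    return claims["user"]
```

Because the model leaves out session keys and authenticators, a ticket here works as a bearer token; in this model only the expiry check from step 5 limits how long a copied ticket stays usable.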

Examples and use cases

Inside a corporate domain, an employee logs into Windows and then reaches the file server and intranet without re-entering a password, because Kerberos tickets carry the proof. Kerberos is strong inside the perimeter, but it was not designed for browser-based SaaS across the public internet. That is why companies layer SAML or OIDC federation on top for cloud apps, while Kerberos keeps serving on-prem resources.


FAQ

What is the KDC in Kerberos?

The Key Distribution Center is the trusted server that authenticates users and issues tickets. It is the core of the Kerberos trust model.

Is Kerberos used for cloud SaaS?

Rarely on its own. Kerberos excels inside a network perimeter. For cloud apps, federation protocols like SAML and OIDC take over.

Why does Kerberos use tickets instead of passwords?

Tickets are time-limited and avoid transmitting passwords over the network, which reduces interception and replay risk.
