How the Kerberos Authentication System Works
Applications allow you to log in to a remote system if you
can provide a ticket that proves your identity, and a matching session key.
The session key contains information that is specific to the user and the
service that is being accessed. A ticket and session key are created by
the KDC for all users when they first log in. The ticket and
the matching session key form a credential. While using multiple networking services, a
user can gather many credentials. The user needs to have a credential for
each service that runs on a particular server. For example, access to the
ftp service on a server named boston requires one credential. Access to the ftp
service on another server requires its own credential.
The process of creating and storing the credentials is transparent. Credentials are created
by the KDC that sends the credential to the requester. When received, the
credential is stored in a credential cache.