Kerberos is primarily used over internal LANs to authenticate users. The question is: why isn’t it used as an external (public-facing) authentication mechanism?

The REALM

The answer, to quote Wikipedia, is that Kerberos “provides mutual authentication — both the user and the server verify each other’s identity.” That means the client needs to hold the necessary keys to vouch for its own identity before user authentication can take place. Distributing those keys for public Internet applications isn’t practical: all users of a banking site, for example, cannot each be issued their own Kerberos keys. Every participant in a Kerberos system must be enrolled in a centralized REALM.
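To make the realm requirement concrete, here is an added simulation (not code from the original post) of the Kerberos authentication-service exchange: the KDC seals its reply under the long-term key it already shares with the principal, so a client that was never enrolled in the realm gets nothing usable. The realm name, principal names and the toy cipher are constructed stand-ins for the real protocol.

```python
import hashlib
import hmac
import secrets

REALM = "EXAMPLE.COM"  # constructed realm name for this simulation

def string_to_key(principal: str, password: str) -> bytes:
    # Stand-in for Kerberos string-to-key (real Kerberos derives AES keys with PBKDF2).
    return hashlib.sha256(f"{principal}@{REALM}:{password}".encode()).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Toy authenticated encryption for the simulation only: XOR keystream plus HMAC tag.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    # The realm's Key Distribution Centre: it holds a long-term key for every principal.
    def __init__(self) -> None:
        self.principals = {}  # the realm's enrollment database: principal -> long-term key

    def enroll(self, principal: str, password: str) -> None:
        self.principals[principal] = string_to_key(principal, password)

    def as_exchange(self, principal: str) -> bytes:
        # Simplified AS-REQ/AS-REP: the reply is sealed under the principal's long-term key,
        # so only a client already enrolled in the realm can read the session key inside.
        if principal not in self.principals:
            raise LookupError("KDC_ERR_C_PRINCIPAL_UNKNOWN")  # the real Kerberos error name
        return seal(self.principals[principal], secrets.token_bytes(32))

def client_login(kdc: KDC, principal: str, password: str):
    """Returns the 32-byte session key on success, None if the client is not part of the realm."""
    try:
        return unseal(string_to_key(principal, password), kdc.as_exchange(principal))
    except (LookupError, ValueError):  # unknown principal, or no valid key for this realm
        return None
```

An enrolled principal with the right password recovers a session key; a wrong password or a principal the realm has never heard of gets nothing, which is exactly the enrollment step a public web audience cannot go through.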


SAML, on the other hand, was designed for Single Sign-On, which relies on an identity provider to vouch for the user to the service rather than on every participant sharing keys with a central realm.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Written by Anuj Varma, Hands-On Technology Architect, Clean Air Activist.