Kerberos Explained in Pictures


Kerberos is an authentication protocol that can be used for single sign-on (SSO). The idea behind SSO is simple: we want to log in just once and then be able to use any service that we are entitled to, without having to log in to each of those services.

The Wikipedia page is pretty good, but even after reading the Explain like I’m 5: Kerberos, I ended up having to draw myself some diagrams.

The puzzle

So imagine the objective is for a user to talk to an FTP service, and for the FTP service to be sure that the user is who they claim to be, given that there are wrongdoers who will try to intercept any message sent between the actors and attempt to make use of it.