
Kerberos

In a networked environment, it is very important to be able to authenticate users in a secure way over insecure networks. Kerberos is a network authentication protocol using a trusted third-party to provide authentication and basic session-key exchange.

Kerberos is built around a central key distribution center (KDC) which keeps a database of clients and servers (called principals) and their private keys. Encryption in Kerberos is based on DES [26]. When the client wants to use some service it issues a request to the KDC for a ticket for that service. The KDC returns a message encrypted with the client's private key, containing three parts: a session key that can be used for encryption between the client and the server, a timestamp, and a ticket. The ticket is encrypted with the private key of the server and contains the name of the client, a timestamp, the client's network address, the lifetime of the ticket, and the same session key that the client obtained. The ticket can be passed to the server for authentication.
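As an added illustration (not code from the paper or from kth-krb), the following models the exchange just described: the KDC seals a ticket under the server's key, wraps it together with the session key under the client's key, and the server later opens the ticket with its own key and checks the client name, address and lifetime it carries. The paper's Kerberos uses DES; because Python's standard library has no DES, an HMAC-SHA256 keystream with an HMAC tag stands in for it, and the principal names, address and lifetime are constructed values.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a stand-in for the paper's DES (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON message under a principal's secret key."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Verify the MAC and decrypt; raises ValueError if the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def kdc_issue(db, client, server, addr, now, lifetime=8 * 3600):
    """KDC: build the reply for `client` requesting a ticket for `server`.
    The ticket is sealed with the server's key, so it is opaque to the client;
    the whole reply is sealed with the client's key."""
    session = os.urandom(8).hex()
    ticket = seal(db[server], {"client": client, "addr": addr, "issued": now,
                               "lifetime": lifetime, "session": session})
    return seal(db[client], {"session": session, "issued": now, "ticket": ticket.hex()})

def server_accept(server_key, ticket, peer_addr, now):
    """Server: open the ticket with its own key and check the bindings it carries."""
    t = open_(server_key, ticket)
    if t["addr"] != peer_addr:
        raise PermissionError("ticket bound to another network address")
    if not t["issued"] <= now < t["issued"] + t["lifetime"]:
        raise PermissionError("ticket expired or not yet valid")
    return t["client"], t["session"]       # both sides now hold the session key

def demo():
    # Constructed KDC database: principal name -> secret key.
    db = {"alice": os.urandom(16), "rcmd.host": os.urandom(16)}
    reply = open_(db["alice"], kdc_issue(db, "alice", "rcmd.host", "10.0.0.5", 1000))
    ticket = bytes.fromhex(reply["ticket"])
    return server_accept(db["rcmd.host"], ticket, "10.0.0.5", 1060)
```

The client never learns the server's key, so it cannot read or alter the ticket; the server never talks to the KDC, yet the address and lifetime checks let it refuse a ticket replayed from another host or after expiry.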

Kerberos [24] was originally developed by Project Athena at MIT, but was not exportable from the US due to legal restrictions. The cryptographic functionality was removed and a "Bones" distribution was created and exported. The cryptographic interfaces were added back by Eric Young, and KTH (The Royal Institute of Technology in Stockholm, Sweden) maintained the code outside the USA. The Kerberos implementation in OpenBSD is "kth-krb", protocol version 4, and is used in a number of utilities.

& D. Keromytis
4/26/1999