Explain the Kerberos V5 authentication process?
Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and the identity of the network service the user connects to. This dual verification is known as mutual authentication.
Kerberos Authentication in an Active Directory Domain
In an Active Directory domain, a protocol called Kerberos is used to authenticate identities. When a user or computer logs on to the domain, Kerberos authenticates its credentials and issues a package of information called a Ticket Granting Ticket (TGT). Before the user connects to a server to request a resource (for example, a document), a Kerberos request is sent to a domain controller along with the TGT, which identifies the authenticated user. The domain controller issues the user another package of information called a Service Ticket, which identifies the authenticated user to the server. The user presents the Service Ticket to the server, and the server accepts the Service Ticket as proof that the user has been authenticated.
These Kerberos transactions result in a single network logon. After the user or computer has initially logged on and has been granted a TGT, the user is authenticated within the entire domain and can be granted Service Tickets that identify the user to any service. All of this ticket activity is managed by the Kerberos clients and services built into Windows and is transparent to the user.
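The three exchanges described above (logon for a TGT, TGT for a Service Ticket, Service Ticket to the server with mutual authentication) as an added simulation; this is example code written for this post, not Microsoft's implementation. It assumes constructed toy keys and uses an HMAC tag as a stand-in for Kerberos encryption, so it demonstrates who can verify which ticket, not confidentiality.

```python
import hashlib, hmac, json, os, time
KEYS = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}  # constructed toy keys

def seal(key, payload):
    """Toy stand-in for Kerberos encryption: HMAC-SHA256 over JSON (integrity only, not secrecy)."""
    body = json.dumps(payload, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}
def unseal(key, sealed):
    tag = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, sealed["tag"]): raise ValueError("wrong key or tampered ticket")
    return json.loads(sealed["body"])

def mint(ticket_key, reply_key, client):
    """KDC helper: a ticket sealed under ticket_key, plus its session key sealed for the requester."""
    sk = os.urandom(16).hex()
    ticket = seal(ticket_key, {"client": client, "sk": sk, "exp": time.time() + 600})
    return ticket, seal(reply_key, {"sk": sk})

def verify(ticket_key, ticket, authenticator):
    """Check a presented ticket and the authenticator sealed under its session key."""
    t = unseal(ticket_key, ticket)
    if t["exp"] < time.time(): raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["client"] != t["client"]: raise ValueError("authenticator does not match ticket")
    return t, a

def as_exchange(user):
    """Domain controller, logon: issue a TGT; the reply opens only with the user's own key."""
    return mint(KEYS["krbtgt"], KEYS[user], user)

def tgs_exchange(tgt, authenticator, service):
    """Domain controller: validate the TGT, then issue a Service Ticket sealed for `service`."""
    t, _ = verify(KEYS["krbtgt"], tgt, authenticator)
    return mint(KEYS[service], bytes.fromhex(t["sk"]), t["client"])

def ap_exchange(service, ticket, authenticator):
    """Server: accept the Service Ticket, then prove itself by echoing the client's timestamp."""
    t, a = verify(KEYS[service], ticket, authenticator)
    return t["client"], seal(bytes.fromhex(t["sk"]), {"ts": a["ts"]})

def single_sign_on(user, service):
    """Client: one logon (TGT), then a Service Ticket, then mutual authentication with the server."""
    tgt, rep = as_exchange(user)
    tgt_sk = bytes.fromhex(unseal(KEYS[user], rep)["sk"])
    ticket, rep = tgs_exchange(tgt, seal(tgt_sk, {"client": user, "ts": time.time()}), service)
    svc_sk = bytes.fromhex(unseal(tgt_sk, rep)["sk"])
    ts = time.time()
    who, ap_rep = ap_exchange(service, ticket, seal(svc_sk, {"client": user, "ts": ts}))
    if unseal(svc_sk, ap_rep)["ts"] != ts: raise ValueError("server failed mutual authentication")
    return who
```

Only the domain controller can open the TGT and only the file server can open the Service Ticket, which is why the client never reads either; the echoed timestamp is what gives the client proof that it reached the real server.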