Kerberos (detailed)

• Each user and service registers a secret key with the KDC

• Everyone trusts the KDC

• “Put all your eggs in one basket, and then watch that basket very carefully” - Anonymous Mark Twain

• The user’s key is derived from a password, by applying a hash function

• The service key is a large random number, and stored on the server