In Microsoft Windows environments, version 5 of the Kerberos authentication protocol has been in use since Windows 2000. The protocol offers a robust authentication framework built on secret-key cryptography, and it provides mutual authentication of clients and servers.
The Kerberos protocol makes use of the following groups of components:
- Key Distribution Center (KDC)
- Authentication Server (AS)
- Ticket-Granting Server (TGS)
The process of using Kerberos works much like the following:
- You want to access another system, such as a server or a client. Because Kerberos is in place, a "ticket" is required.
- To obtain a ticket, you are first authenticated against the AS, which creates a session key based on your password together with a value that represents the service you wish to connect to. The result of this request serves as your ticket-granting ticket (TGT), the ticket used to obtain further tickets.
- Your TGT is presented to a TGS, which generates a ticket that allows you to access the service.
- Based on the situation, the service either accepts or rejects the ticket. In this case, assume that you are authorized and gain access.
The TGT is valid only for a finite period, 10 hours, after which it has to be regenerated. This limits the window in which a compromised TGT can be used.
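The four steps above and the 10-hour TGT lifetime, modelled end to end as an added example (this is not Microsoft's or MIT's Kerberos code). The realm name, user, service name and passwords are constructed, and the cryptography is a stand-in assumption: keys are derived with PBKDF2-HMAC-SHA256 and messages are sealed with an HMAC-SHA256 keystream plus an HMAC tag (encrypt-then-MAC), whereas real Kerberos uses the RFC 3962 AES enctypes and ASN.1-encoded messages. What the model does preserve is the structure: a password-derived key unlocks the AS reply, a `krbtgt` key protects the TGT, the TGS checks TGT expiry and an authenticator before issuing a service ticket, and the service decrypts that ticket with its own long-term key.

```python
"""Toy Kerberos flow: AS exchange -> TGS exchange -> service access, plus TGT expiry.
Added example; cryptography is a simplified stand-in (see lead-in), not Kerberos' own."""
import hashlib
import hmac
import json
import os

TGT_LIFETIME = 10 * 3600  # seconds; the 10-hour TGT lifetime stated on the page


def derive_key(password: str, salt: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000, 32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object: without `key` it can be neither read nor forged."""
    plain = json.dumps(obj).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


class KDC:
    """Plays both the AS and the TGS; the krbtgt key is what protects TGTs."""

    def __init__(self, realm: str, principals: dict):
        self.realm = realm
        self.keys = {name: derive_key(pw, realm + name) for name, pw in principals.items()}
        self.keys["krbtgt"] = os.urandom(32)

    def as_exchange(self, user: str, now: float) -> bytes:
        # AS: the reply is sealed under the user's password-derived key, so only a
        # client that knows the password can recover the session key and use the TGT.
        session_key = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"user": user, "session_key": session_key.hex(),
                                         "expires": now + TGT_LIFETIME})
        return seal(self.keys[user], {"session_key": session_key.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> bytes:
        # TGS: accept the TGT only if intact and unexpired, then issue a service ticket.
        body = unseal(self.keys["krbtgt"], tgt)
        if now >= body["expires"]:
            raise PermissionError("TGT expired; the client must authenticate to the AS again")
        session_key = bytes.fromhex(body["session_key"])
        auth = unseal(session_key, authenticator)  # proves the caller holds the session key
        if auth["user"] != body["user"] or abs(now - auth["timestamp"]) > 300:
            raise PermissionError("authenticator rejected")
        service_key = os.urandom(32)
        ticket = seal(self.keys[service], {"user": body["user"], "service_key": service_key.hex()})
        return seal(session_key, {"service_key": service_key.hex(), "ticket": ticket.hex()})


class Client:
    def __init__(self, user: str, password: str, kdc: KDC):
        self.user, self.kdc = user, kdc
        self.key = derive_key(password, kdc.realm + user)
        self.session_key = self.tgt = None

    def login(self, now: float) -> None:
        rep = unseal(self.key, self.kdc.as_exchange(self.user, now))  # wrong password -> ValueError
        self.session_key, self.tgt = bytes.fromhex(rep["session_key"]), bytes.fromhex(rep["tgt"])

    def get_service_ticket(self, service: str, now: float) -> tuple:
        authenticator = seal(self.session_key, {"user": self.user, "timestamp": now})
        rep = unseal(self.session_key, self.kdc.tgs_exchange(self.tgt, authenticator, service, now))
        return bytes.fromhex(rep["service_key"]), bytes.fromhex(rep["ticket"])


def service_accepts(service_long_term_key: bytes, ticket: bytes):
    """The service decrypts the ticket with its own key; returns the user name or None."""
    try:
        return unseal(service_long_term_key, ticket)["user"]
    except ValueError:
        return None


def run_flow(now: float = 1_700_000_000.0) -> dict:
    """Walks the page's four steps with a constructed realm, user, service and passwords."""
    kdc = KDC("CORP.EXAMPLE", {"alice": "correct horse battery", "cifs/fileserver": "svc-secret"})
    alice = Client("alice", "correct horse battery", kdc)
    alice.login(now)                                              # step 2: AS exchange, obtain TGT
    _, ticket = alice.get_service_ticket("cifs/fileserver", now)  # step 3: TGS exchange
    user = service_accepts(kdc.keys["cifs/fileserver"], ticket)   # step 4: service decides
    try:                                                          # 10 h later the TGT is refused
        alice.get_service_ticket("cifs/fileserver", now + TGT_LIFETIME + 1)
        expired = False
    except PermissionError:
        expired = True
    try:                                                          # wrong password: no usable TGT
        Client("alice", "wrong", kdc).login(now)
        bad_pw_rejected = False
    except ValueError:
        bad_pw_rejected = True
    return {"user": user, "tgt_expired": expired, "bad_password_rejected": bad_pw_rejected}
```

Running `run_flow()` returns `{'user': 'alice', 'tgt_expired': True, 'bad_password_rejected': True}`: the service learns the caller's identity only from a ticket it can decrypt with its own key, the TGS refuses a TGT once the 10-hour lifetime has passed, and a wrong password never yields a usable TGT because the AS reply cannot be unsealed. The 300-second authenticator window mirrors the clock-skew tolerance real KDCs apply, which is why Kerberos deployments depend on time synchronisation.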