Slide 42 of 58
Notes:
Kerberos provides excellent secure authentication using a three party handshake between the client, security server and service. It does not provide encrypted communication channels once authentication is completed. Kerberos credentials (tickets) once obtained can be used to initiate new sessions without re-submitting account name and password. Because version 5 of Kerberos uses a different “crypt” function than the Unix password system or Kerberos version 4, migration can be a problem for large populations. There is also limited desktop client support as well as end user education issues that must be resolved. This may be addressed in Microsoft’s future Kerberos integration in their Windows and Internet Explorer product lines.
http://web.mit.edu/kerberos/www.index.html
