Difference between Kerberos and RADIUS


This article explains Kerberos and RADIUS and the differences between them. The three main components of Kerberos are the computer that contains the database, the ticket-granting server, and the authentication server. RADIUS does not store data in a specific format but instead talks to a central database. Kerberos is used to verify the identity of users and services before allowing them to access sensitive information. It is an application-layer protocol whose verification methods are ticket-based and rely on encryption.

What is Kerberos?

Kerberos is an authentication protocol that operates at the application layer, the topmost layer of the OSI (Open Systems Interconnection) model. It uses a shared secret key to encrypt and decrypt messages between the client and server, ensuring that only authorized parties can access the information being transmitted. The use of secret-key cryptography helps to protect against unauthorized access and ensures that the identity of the user and server is verified before any sensitive information is transmitted.

Steps involved in Authentication Process of Kerberos

The authentication process is illustrated with a real-world example: getting access to a shared printer.

  • Bob sends a request to the server to authenticate himself.

  • The server verifies that Bob's identity, such as his username and password, is correct and then sends him a ticket.

  • Bob sends this ticket back to the server for authentication, along with a request for a service ticket for the shared printer.

  • The server verifies the ticket and sends back a service ticket for the shared printer.

  • Bob sends the service ticket to the shared printer, which then grants him access.
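
The five steps above, simulated end to end as an added example (not code from the original article). The `seal`/`unseal` toy cipher, the key names and Bob's password are assumptions for illustration; one server plays both the authentication and ticket-granting roles, and real Kerberos uses standardized encryption types and a replay cache that are omitted here.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a toy keystream (fine for tickets under 8 KB)
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    """Toy encrypt-then-MAC; a stand-in for Kerberos' real encryption types."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed key database held by the server (names and password are made up)
KEYS = {"bob": hashlib.sha256(b"bob-password").digest(),
        "tgs": os.urandom(32), "printer": os.urandom(32)}

def issue(user, target, reply_key):
    """Mint a session key; return (reply only the client can open, ticket only `target` can open)."""
    sk = os.urandom(32).hex()
    ticket = seal(KEYS[target], {"user": user, "key": sk, "exp": time.time() + 300})
    return seal(reply_key, {"key": sk}), ticket

def accept(own_key, ticket, authenticator, now=None):
    """Ticket check performed by the ticket-granting server and by the printer."""
    t = unseal(own_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves the sender holds the session key
    now = time.time() if now is None else now
    if a["user"] != t["user"] or now > t["exp"] or abs(now - a["ts"]) > 120:
        raise ValueError("expired ticket, stale authenticator or wrong user")
    return t

def login_and_print(user, password):
    ckey = hashlib.sha256(password).digest()               # password never leaves the client
    reply, tgt = issue(user, "tgs", KEYS[user])             # steps 1-2: first ticket
    sk = bytes.fromhex(unseal(ckey, reply)["key"])          # fails on a wrong password
    auth = seal(sk, {"user": user, "ts": time.time()})
    t = accept(KEYS["tgs"], tgt, auth)                      # step 3: server checks the ticket
    reply, ticket = issue(t["user"], "printer", bytes.fromhex(t["key"]))  # step 4
    sk2 = bytes.fromhex(unseal(sk, reply)["key"])
    return ticket, seal(sk2, {"user": user, "ts": time.time()})  # step 5: sent to the printer
```

The printer calls `accept(KEYS["printer"], ticket, authenticator)` and never sees Bob's password; a ticket that was modified, expired, or sealed for a different service fails the check.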

Features of Kerberos

  • Mutual Authentication: Both the client and the server authenticate each other before sending any messages, which prevents man-in-the-middle attacks.
  • Prevents Attackers: The messages sent between the client and server are encrypted to prevent eavesdropping and replay attacks. The information being transferred cannot be read or understood by an attacker, even if they are able to intercept the transmissions.

What is Remote Authentication Dial-In User Service?

RADIUS is a layer-7 protocol, operating at the layer closest to the user and the software they interact with. When a user connects to a network, this protocol handles everything from access to communication. It is mainly used by wireless networks and Virtual Private Networks for secure connections. When a user tries to access a network resource, the RADIUS server validates their credentials against a central database. Once the user has been authenticated, the RADIUS server uses pre-established authorization criteria to decide what level of access the user should have. Additionally, the RADIUS server records user behavior for accounting purposes.
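
The credential check described above, as an added example that is not part of the original article: it implements the User-Password hiding defined in RFC 2865 section 5.2 and a server that validates the recovered password against a central user table before returning an authorization attribute. The shared secret, user table and `vlan` attribute are constructed for illustration.

```python
import hashlib, hmac, os

def _xor_chain(data, secret, authenticator, hiding):
    # RFC 2865 5.2: mask_i = MD5(secret + previous ciphertext block), starting
    # from the 16-octet Request Authenticator; output block = input block XOR mask_i
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, mask))
        prev = res if hiding else block      # always chain on the ciphertext
        out += res
    return out

def hide_password(password, secret, authenticator):
    """What the network access server puts in the User-Password attribute."""
    padded = password + b"\x00" * (-len(password) % 16)   # pad to a multiple of 16 octets
    return _xor_chain(padded, secret, authenticator, True)

def recover_password(hidden, secret, authenticator):
    """What the RADIUS server does with the same shared secret."""
    return _xor_chain(hidden, secret, authenticator, False).rstrip(b"\x00")

# Constructed values: shared secret and the "central database" of users
SECRET = b"constructed-shared-secret"
USERS = {"bob": {"password": b"correct horse battery", "vlan": 20}}

def handle_access_request(user, hidden, authenticator):
    """Authenticate against the user table, then attach the authorization result."""
    entry = USERS.get(user)
    supplied = recover_password(hidden, SECRET, authenticator)
    ok = entry is not None and hmac.compare_digest(supplied, entry["password"])
    return {"code": "Access-Accept", "vlan": entry["vlan"]} if ok else {"code": "Access-Reject"}
```

The hiding is a keyed XOR mask rather than authenticated encryption, so its confidentiality rests entirely on the shared secret and on a fresh random Request Authenticator for every request.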

Using their RADIUS credentials, users can log in to a network service through the RADIUS Single Sign-On (RSSO) capability. This is helpful when users need to access different network services but do not want to enter their credentials repeatedly. By enabling users to authenticate just once and access different services without having to enter their credentials again, it offers a seamless and practical user experience.

Difference between Kerberos and RADIUS

| Basic Parameters | Kerberos | RADIUS |
|---|---|---|
| Founded by | Massachusetts Institute of Technology (MIT) introduced Kerberos. | It was developed by Livingston Enterprises. |
| Year | It was put into effect in 1980. | It was put into effect in 1991. |
| Security Method | Kerberos uses a key to protect sensitive data for encryption and decryption purposes. | The users entering and leaving the networks are encrypted which gives increased protection. |
| Purpose | The secure authentication would be provided among hosts and would be used to verify the user's identity and services before allowing them to access sensitive information. | RADIUS facilitates an all-in-one facility for the users who are connected to the network. |
| Directory Queries and Management | It cannot facilitate directory queries and management. | It provides the RADIUS server to manage all the functionalities and controls of the network. |
| Single Sign-On (SSO) | It is often used for SSO purposes. | RADIUS Single Sign-On (RSSO) allows users to enter the network by authenticating it with the required credentials. |
| Verification Method | The users are verified to enter the network using the tickets. | The users entering the network are verified using the login credentials and the authentication methods use password and handshake protocols. |

Conclusion

RADIUS protects credentials and passwords using an encryption method, and Kerberos encrypts messages to increase security. With Kerberos, the user can log in once with their credentials and then access multiple services without having to log in again. Organizations can choose between Kerberos and RADIUS based on their specific needs.

Updated on: 07-Jul-2023
