Page 150 - CISSO_Prep_ Guide
Kerberos
In the mid-1970s, MIT developed a project known as Athena to
manage single sign-on. Today this is known as Kerberos, and it is
built into many of the systems we use. Kerberos is a single
sign-on product that manages all access for users and devices on
a network. The heart of Kerberos is the KDC (Key Distribution
Center). The KDC consists of two parts: the Authentication
Server (AS) and the Ticket Granting Server (TGS).
When a new user or device is attached to the network, it must be
registered with the KDC. At that time, a symmetric key is
chosen for the user/device and stored both on the KDC and on the
device. A user requests access to a device or application by
sending a request encrypted with the user's symmetric key to the
KDC. If the user is permitted access, the KDC passes a
time-based ticket back to the user along with a symmetric
session key. The user then passes the ticket (which is encrypted
with the symmetric key of the application, so only the
application can read it) to the application. The application
reads and verifies the ticket and then uses the symmetric
session key to communicate with the authorized user.
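The exchange just described, simulated end to end in Python as an added example (not code from the guide): the KDC, user and application are all constructed in-process, the AS and TGS are collapsed into one object, and a toy SHA-256/HMAC construction stands in for Kerberos' real encryption types so the block runs offline with the standard library only.

```python
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    # SHA-256 counter keystream; a constructed stand-in, not a real cipher
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Encrypt-then-MAC a JSON message under a symmetric key (toy)."""
    data, nonce = json.dumps(msg).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Authentication Server and Ticket Granting Server, collapsed into one object."""
    def __init__(self):
        self.keys = {}                      # principal name -> long-term symmetric key

    def register(self, name):               # key chosen at enrolment, held by both sides
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def request_ticket(self, user, sealed_request, ttl=300):
        req = unseal(self.keys[user], sealed_request)   # only the real user can form this
        session_key = os.urandom(32)
        ticket = seal(self.keys[req["service"]], {     # readable by the application only
            "user": user, "skey": session_key.hex(), "expires": time.time() + ttl})
        return seal(self.keys[user], {"skey": session_key.hex(), "ticket": ticket.hex()})

def service_accept(service_key, ticket, now=None):
    """Application verifies the ticket and extracts the user and session key."""
    t = unseal(service_key, ticket)
    if (now if now is not None else time.time()) > t["expires"]:
        raise PermissionError("ticket expired")
    return t["user"], bytes.fromhex(t["skey"])

def run_flow(user="alice", service="fileserver", now=None):
    kdc = KDC()
    user_key, service_key = kdc.register(user), kdc.register(service)
    reply = unseal(user_key, kdc.request_ticket(user, seal(user_key, {"service": service})))
    who, skey = service_accept(service_key, bytes.fromhex(reply["ticket"]), now)
    # both ends now hold the same session key and can talk under it
    echo = unseal(skey, seal(bytes.fromhex(reply["skey"]), {"hello": who}))
    return who, skey == bytes.fromhex(reply["skey"]), echo["hello"]
```

`run_flow()` returns the user named in the ticket, whether the application's copy of the session key matches the user's, and a message echoed under that key; passing a far-future `now` shows the time-based ticket being rejected.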