Kerberos is a secure system for providing network authentication services. Authentication means:
The identities of entities on the network are verified.
Traffic on the network is from the source who claims to have sent it.
Kerberos uses passwords to verify the identity of users, and these passwords are never sent over the network in an unencrypted form.
For information on configuring a Kerberos 5 server or client, refer to the Official Red Hat Linux Customization Guide.
Most conventional network systems use password-based authentication schemes. When a user needs to authenticate to a service running on a network server, they type in their password for each service that requires authentication. Their password is sent over the network, and the server verifies their identity using the password.
Transmission of passwords in plaintext using this method, while commonly done, is a tremendous security risk. Any system cracker with access to the network and a packet analyzer (also known as a packet sniffer) can intercept any passwords sent this way.
The primary design goal of Kerberos is to ensure that passwords are never sent across a network unencrypted and are preferably never sent over the network at all. The proper use of Kerberos will eradicate the threat of packet sniffers intercepting passwords on your network.