Advantages of Kerberos

• Passwords aren’t exposed to eavesdropping

• Password is only typed to the local workstation

  • It never travels over the network
  • It is never transmitted to a remote server

• Password guessing more difficult

• Single Sign-on

  • More convenient: only one password, entered once
  • Users may be less likely to store passwords

• Stolen tickets hard to reuse

  • Need authenticator as well, which can’t be reused

• Much easier to effectively secure a small set of limited access machines (the AS’s)

• Easier to recover from host compromises

• Centralized user account administration