Kerberos (protocol)

Kerberos (/ˈkɜːrbərɒs/) is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

The protocol was named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of Hades.

The Massachusetts Institute of Technology (MIT) developed Kerberos in 1988 to protect network services provided by Project Athena.

Its first version was primarily designed by Steve Miller and Clifford Neuman based on the earlier Needham–Schroeder symmetric-key protocol.

Eric Young of Australia's Bond University reimplemented DES into Bones, in a version called "eBones", which could be freely used in any country.

MIT makes an implementation of Kerberos freely available, under copyright permissions similar to those used for BSD.

Internet web applications can enforce Kerberos as an authentication method for domain-joined clients by using APIs provided under SSPI.

Security vulnerabilities exist in products that implement legacy versions of Kerberos which lack support for newer encryption ciphers like AES.
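One way to check a host for the legacy-cipher exposure described above is to audit its Kerberos client configuration for pre-AES encryption types. The following is an added example, not part of the original article: it assumes an MIT-style `krb5.conf`, the sample file is constructed, and treating DES, 3DES and RC4 names as legacy is this example's own classification.

```python
import re

# Enctype names/prefixes this example treats as legacy (pre-AES); an assumption.
LEGACY_PREFIXES = ("des-", "des3", "rc4", "arcfour")
ENCTYPE_KEYS = ("permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes")
TRUE_VALUES = ("true", "t", "yes", "y", "on", "1")

def audit_krb5_conf(text):
    """Return sorted (setting, value) findings from the [libdefaults] section."""
    findings = set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "allow_weak_crypto" and value.lower() in TRUE_VALUES:
            findings.add((key, value))
        elif key in ENCTYPE_KEYS:
            for tok in re.split(r"[,\s]+", value):
                if tok.startswith("-"):          # "-name" removes an enctype
                    continue
                name = tok.lower().lstrip("+")
                if name == "des" or name.startswith(LEGACY_PREFIXES):
                    findings.add((key, tok))
    return sorted(findings)

# Constructed sample configuration (not taken from any real system).
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
    default_tgs_enctypes = aes256-cts-hmac-sha1-96, -des3-cbc-sha1
[realms]
    EXAMPLE.TEST = { kdc = kdc.example.test }
"""

if __name__ == "__main__":
    for setting, value in audit_krb5_conf(SAMPLE):
        print(f"legacy crypto enabled: {setting} -> {value}")
```

An empty result means no legacy enctype is explicitly enabled in `[libdefaults]`; the library's built-in defaults and the KDC's own settings still need a separate check.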

Kerberos negotiations