In this article we will talk about the main features of Kerberos and SSL, which is actually TLS (explanation follows), and which to use depending on your situation and requirements.
What is Kerberos
Kerberos is a protocol for authentication between nodes in a computer network over non-secure lines. It allows nodes to prove their identity to one another in a secure manner. It is aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. It is important to understand that Kerberos may be used to authenticate a client to several different servers at the same time. Kerberos protocol messages are protected against eavesdropping and replay attacks.
Kerberos authentication is widely used in Microsoft products like Windows 2000 and later Windows NT-based operating systems. Cross-platform Active Directory integration vendors have extended the Integrated Windows Authentication paradigm to UNIX, Linux and Mac systems.
The protocol was designed at the Massachusetts Institute of Technology (MIT) and was implemented in a software product of the same name, Kerberos. There are several programs with similar names, which causes some confusion: people sometimes ask why the Kerberos program uses SSL. Is SSL a part of the Kerberos protocol?
No, it is not. But software that uses Kerberos for client and server authentication may use SSL as well.
For example, SecureBlackbox, developed by EldoS Corporation, uses Kerberos for client authentication through GSS-API (Generic Security Services Application Program Interface), which is the standard mechanism for accessing security services from the C (RFC 2744) and Java (JSR-072) languages.