Kerberos is a secret-key network authentication system developed at
MIT; it uses DES for encryption and authentication. Unlike a public-key
authentication system, it does not produce digital signatures: Kerberos
was designed to authenticate requests for network resources rather than
to authenticate authorship of documents. Kerberos provides real-time
authentication in a distributed environment, but does not provide for
future third-party verification of documents.

In a Kerberos system, there is a designated site on the network, called
the Kerberos server, which performs centralized key management and
administrative functions. The server maintains a database containing
the secret keys of all users, generates session keys whenever two users
wish to communicate securely, and authenticates the identity of a user
who requests certain network services.

Kerberos, like other secret-key systems, requires trust in a third party, in this case the Kerberos server. If the server were compromised, the integrity of the whole system would fall. Public-key cryptography was designed precisely to avoid the necessity to trust third parties or communication lines (see Question 3.1.4). Kerberos may be adequate for those who do not need the more robust functions and properties of public-key systems.
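
The sketch below is an added illustration, not MIT's code or the Kerberos wire protocol: it models the server's key database and session-key issuance described above, and shows why the server is the single point of trust. Assumptions: the names `KeyServer`, `seal`, `unseal`, `alice` and `fileserver` are hypothetical, a toy SHA-256 keystream with HMAC stands in for DES, and timestamps and authenticators are omitted.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy SHA-256 counter keystream standing in for DES (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under one shared secret key (toy: same key for both)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError for a wrong key or altered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KeyServer:
    """Central server: holds the secret key of every registered principal."""
    def __init__(self):
        self.db = {}
    def register(self, name):
        self.db[name] = os.urandom(32)   # long-term secret shared with the server only
        return self.db[name]
    def issue(self, client, service):
        # One fresh session key, sealed once for each party under that party's own key.
        session = os.urandom(16).hex()
        for_client = seal(self.db[client], {"peer": service, "session": session})
        ticket = seal(self.db[service], {"peer": client, "session": session})
        return for_client, ticket

def demo():
    kdc = KeyServer()
    k_alice, k_files = kdc.register("alice"), kdc.register("fileserver")
    for_alice, ticket = kdc.issue("alice", "fileserver")
    at_alice, at_files = unseal(k_alice, for_alice), unseal(k_files, ticket)
    try:                                  # the client cannot open the service's ticket
        unseal(k_alice, ticket); alice_reads_ticket = True
    except ValueError:
        alice_reads_ticket = False
    # Whoever holds the server's database can open every ticket it has issued.
    from_db = unseal(kdc.db["fileserver"], ticket)["session"]
    return (at_alice["session"] == at_files["session"], at_files["peer"],
            alice_reads_ticket, from_db == at_alice["session"])
```

The last element of `demo()`'s result is the reason the key database has to be protected as the most sensitive asset in the realm: every session key ever issued is recoverable from it.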