What's the difference between Radius and Kerberos?

  • Is Radius just a better version of Kerberos? I can't find anything about this. If you set up a Radius server in a modern network do you need Kerberos at all?

  • Kerberos will take verify your credentials and give you a "ticket" that you can use to prove to other systems/services that you are you. The ticket will expire, and doesn't contain your credentials. You have to be on the network for this to work. More information on Kerberos can be found here: MIT - Kerberos

    RADIUS is a way to get on the network. You give your credentials, and they will be checked before you are allowed access to the network. More information on RADIUS can be found here: Wikipedia Entry

    So when you are trying to access a network, you provide your credentials and RADIUS will check to see if you are allowed on the network. If you have wrong credentials, you don't get on.

    After you are on the network, you will want to have access to other services, i.e. email. This is where Kerberos comes in. You authenticate to Kerberos, if you check out ok, Kerberos will give the ticket, (think of a pass) that you can use to access those other services without having to spread your actual credentials everywhere.

    So they're completely different things? Should both be installed in a network?

    Yes, they serve different functions, but both deal with credentials. As far as installing, it depends on what you want in the network.

    So, a campus network needs both. It needs Radius to authenticate clients who want to log in to the network, and it needs Kerberos to authenticate clients who want to use specific services in that network?

    *Needs* is a strong word. You *could* use that set-up, or a completely different one. Newer tech is being developed all the time. You could look into OAuth or some others.

    @StephenSpencer, just wanted to suggest you replace the software-specific GNU Radius link in your answer above, with a more general description of RADIUS. For example, the Wikipedia entry.

    One is about giving you access to the network. The other is about being able to give creditionals to join the network.

    Sorry if this is late, does Kerberos still get used in modern networks or should something better be used?

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used