How does kerberos really secure anything in relation to the definition below?

"Under Kerberos, a client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT (i.e., if the client gave the correct password), it keeps the decrypted TGT, which indicates proof of the client's identity."

If the password is sent in clear text initially to the KDC, can't someone on the network sniff out the password and intervene in the middle of the transmission?  Or perhaps I am not getting how it works?
Sp0ckyAsked:
Who is Participating?
 
my2eggsConnect With a Mentor Commented:
It doesn't send the password in a clear text. It uses a one-way hash which never actually gets sent across the network. The hash is used for encryption of the ticket granting server session key. The authentication service will be able to decrypt it because it also has a secure connection to a user database. Thus the client and the server simply use a hashed version of the password for encryption only. They never actually send the password in any form across the network.

This wiki article might provide a little more insight in the process.

http://en.wikipedia.org/wiki/Kerberos_(protocol)#Protocol
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.