Kerberos is a network authentication protocol that enables users to securely prove their identity to a Kerberized server or service over an unsecured network.
In the MCP environment, the client and server applications can exchange credentials securely using Kerberos. An important element for the credential exchange is a trusted third party. The trusted third party used for the MCP environment is the Windows domain controller, which acts as the Key Distribution Center (KDC).
Kerberos on the MCP uses GSS-API function calls, while Kerberos on Microsoft Windows uses the Security Support Provider Interface (SSPI) function calls to exchange credentials and encrypted messages.
The MCP environment can use Kerberos as a secure way to log on to the MCP. Also, MCP applications can use Kerberos to authenticate client applications. Kerberos is available to MCP applications by calling the GSS-API.
Key Distribution Center (KDC)
The Windows domain controller acting as the Key Distribution Center (KDC) can run the US English version of Microsoft Windows Server 2012 or Microsoft Windows Server 2016.
The KDC stores and issues the keys that are used in the client and server application authentication process. Once the client and server application credentials and a security context have been established and authenticated, the client and server applications can exchange encrypted messages securely.
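The trusted-third-party flow described above, as an added Python sketch that is not Unisys or Microsoft code and makes no GSS-API or SSPI calls. Assumptions: the principal names are constructed, `seal`/`unseal` are a standard-library stand-in for Kerberos encryption types, and the single `issue` step collapses the real protocol's separate ticket exchanges into one.

```python
import hashlib, hmac, json, os, time

def xor_stream(key, nonce, data):
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object; stdlib stand-in for a Kerberos etype."""
    nonce = os.urandom(16)
    ct = xor_stream(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(xor_stream(key, nonce, ct))

class KDC:
    """Trusted third party holding every principal's long-term key."""
    def __init__(self):
        self.keys = {}
    def register(self, principal):
        self.keys[principal] = os.urandom(32)
        return self.keys[principal]
    def issue(self, client, service, lifetime=300):
        # Same fresh session key, sealed once per party under its long-term key.
        body = {"client": client, "service": service,
                "key": os.urandom(32).hex(), "exp": time.time() + lifetime}
        return seal(self.keys[client], body), seal(self.keys[service], body)

def accept(service_key, ticket, authenticator, max_skew=300):
    """Service side: open the ticket, then check the client's authenticator."""
    t = unseal(service_key, ticket)
    session = bytes.fromhex(t["key"])
    a = unseal(session, authenticator)  # proves the client holds the session key
    now = time.time()
    if a["client"] != t["client"] or now > t["exp"] or abs(now - a["ts"]) > max_skew:
        raise ValueError("expired ticket or authenticator mismatch")
    return t["client"], session

def demo():
    kdc, user, svc = KDC(), "user@EXAMPLE.TEST", "svc/mcphost@EXAMPLE.TEST"  # constructed names
    user_key, svc_key = kdc.register(user), kdc.register(svc)
    reply, ticket = kdc.issue(user, svc)
    session = bytes.fromhex(unseal(user_key, reply)["key"])
    who, ctx_key = accept(svc_key, ticket, seal(session, {"client": user, "ts": time.time()}))
    return who, unseal(session, seal(ctx_key, {"data": "hello"}))["data"]
```

The service never contacts the KDC and never sees the client's long-term key; it trusts the client only because the ticket opens under its own key and the authenticator opens under the session key inside that ticket.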
MCP Kerberos Configuration Management
A Kerberos configuration can be set up using MCP Kerberos Configuration Management of Security Center. Use MCP Kerberos Configuration Management to install, configure, and manage Kerberos security on an MCP server.

