Why use Kerberos?

Kerberos is an enterprise level authentication tool. (Note there is a difference between authentication and authorisation).
Unfortunately "enterprise" also tends to mean "horribly complex".
Kerberos is getting easier to use as it becomes more integrated into operating systems but it's still in the "hard" basket.

Kerberos is a good way to make security aware applications (potentially) work seamlessly. NFSv4 is a good example of this.
See my notes Why NFSv4 UID mapping breaks with AUTH_UNIX.


The original document is available at http://dfusion.com.au/wiki/tiki-index.php?page=Why+use+Kerberos%3F