Kerberos and Single Sign-on

Kerberos is a network authentication protocol that was developed at MIT to allow applications to identify users over open and insecure networks. It is used by governments, large corporations, and higher education. Kerberos is also the native authentication protocol of Active Directory. Since Jaguar, Apple has been moving aggressively to support Kerberos in both Mac OS X Server and Mac OS X—as well as all of the password-using applications in Mac OS X such as Mail, FTP, SSH, and Apple File Sharing. The reason Apple is making this push is to enable single sign-on.

Single sign-on means that after a user enters a name and a password in the login window, every application on the system that needs to authenticate itself for a network service—for example, Mail wanting to log into the mail server—can do so automatically without requiring the user to enter a different username and password.

For users of Mac OS X, either Kerberos is configured for your network and it just works out of the box, or there is a bit of configuration work to be accomplished. If your network falls into the second category, you’ll need to get some information from your system administrator.
