An access control system that was developed at MIT in the 1980s. Turned over to the IETF for standardization in 2003, Kerberos was designed to operate in both small and large companies with multiple domains and authentication servers. The Kerberos concept uses a "master ticket" obtained at logon, which is used to obtain additional "service tickets" when a particular resource is required.
Kerberos Checks Passwords Once
When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys.
From Greek Mythology
Cerberos was a three-headed dog that guarded the gates to Hades (hell).
It's About Tickets
After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems.