Another interview question in the last 2 weeks.
The process
So again, I asked a question based on some keywords that appeared on the candidate's resume.
“So you mentioned you are in charging of authentication service, refactored and improved the process by using Kerberos,” I asked.
“Yes, both security and performance. and it is designed for micro-service”. He said.
“How does this Kerberos work and why it is more secure?”. I asked
“It never sends any password during the process so it is more secure. It only authenticated once and can reuse the ticket all the same so it is faster”. He said.
I am good with the answer. but I want to know more from him, since myself also not so familiar with this protocol, my day-to-day auth flow mostly is JWT, OAuth, and openID.
“How does the Kerberos flow exactly work? just curious”. I asked.
“Well I am not very sure. All I know is that it never sends passwords anywhere so it is more secure, and it is designed to be used in the Kubernetes eco-system”.he replied.
I am good with the above answer. just for myself to study more, after the interview I searched and learned it.
I just to share what I have found in case to save you time (in case you want to know)
