Kerberos is specifically designed for mutual authentication. Both the client and the server prove their identities to each other. This is a core feature of Kerberos and is often referred to as "three-way authentication" (client authenticates to KDC, KDC provides ticket for server, client uses ticket to authenticate to server, server authenticates to client using subsession key).
The KDC verifies identities, gives out "tickets" (TGTs and service tickets), and enables secure communication between clients and servers without sending passwords over the network.
RADIUS primarily focuses on authenticating users to network access devices (like Wi-Fi access points or VPN gateways). While it can provide some level of server authentication, it doesn't inherently offer the same robust mutual authentication as Kerberos. RADIUS typically focuses on authenticating the user to the network access server.
****
B) Support for one-time passwords: Both RADIUS and Kerberos can support one-time passwords (OTPs) as a form of two-factor authentication.
C) Centralized user account management: Both RADIUS and Kerberos rely on a central authority for user account management. RADIUS often uses a RADIUS server, while Kerberos uses a Key Distribution Center (KDC).
D) Encrypted communication channel: Both RADIUS and Kerberos employ encryption to protect sensitive information during the authentication process. RADIUS uses shared secrets and can be used with protocols like TLS. Kerberos uses encryption throughout its ticket-granting process.