A network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography, involving a trusted 3rd party and without the need for passwords to be stored locally or sent over the internet. It operates on the basis of tickets to allow communication over a non-secure network to allow principals to identify themselves in a secure manner. It provides mutual authentication requiring both the client and server to identify themselves.