File: Definitions.html

krb5 1.4.4-7etch8
<html lang="en">
<head>
<title>Kerberos V5 System Administrator's Guide</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Kerberos V5 System Administrator's Guide">
<meta name="generator" content="makeinfo 4.5">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home">
</head>
<body>
<div class="node">
<p>
Node:<a name="Definitions">Definitions</a>,
Previous:<a rel="previous" accesskey="p" href="The-User-Kerberos-Interaction.html#The%20User%2fKerberos%20Interaction">The User/Kerberos Interaction</a>,
Up:<a rel="up" accesskey="u" href="How-Kerberos-Works.html#How%20Kerberos%20Works">How Kerberos Works</a>
<hr><br>
</div>

<h3 class="section">Definitions</h3>

<p>The following are definitions of some Kerberos terms.

     <dl>
<dt><b>client</b>
     <dd>an entity that can obtain a ticket.  This entity is usually either a
user or a host.

     <br><dt><b>host</b>
     <dd>a computer that can be accessed over a network.

     <br><dt><b>Kerberos</b>
     <dd>in Greek mythology, the three-headed dog that guards the entrance to the
underworld.  In the computing world, Kerberos is a network security
package that was developed at MIT.

     <br><dt><b>KDC</b>
     <dd>Key Distribution Center.  A machine that issues Kerberos tickets.

     <br><dt><b>keytab</b>
     <dd>a <b>key tab</b>le file containing one or more keys.  A host or service
uses a <dfn>keytab</dfn> file in much the same way as a user uses his/her
password.

     <br><dt><b>principal</b>
     <dd>a string that names a specific entity to which a set of credentials may
be assigned.  It can have an arbitrary number of components, but
generally has three:

          <dl>
<dt><b>primary</b>
          <dd>the first part of a Kerberos <i>principal</i>.  In the case of a user, it
is the username.  In the case of a service, it is the name of the
service.

          <br><dt><b>instance</b>
          <dd>the second part of a Kerberos <i>principal</i>.  It gives information that
qualifies the primary.  The instance may be null.  In the case of a
user, the instance is often used to describe the intended use of the
corresponding credentials.  In the case of a host, the instance is the
fully qualified hostname.

          <br><dt><b>realm</b>
          <dd>the logical network served by a single Kerberos database and a set of
Key Distribution Centers.  By convention, realm names are generally all
uppercase letters, to differentiate the realm from the internet domain. 
</dl>

     <p>The typical format of a Kerberos principal is
<code>primary/instance@REALM</code>.

     <br><dt><b>service</b>
     <dd>any program or computer you access over a network.  Examples of services
include "host" (a host, <i>e.g.</i>, when you use <code>telnet</code> and
<code>rsh</code>), "ftp" (FTP), "krbtgt" (authentication;
cf. <i>ticket-granting ticket</i>), and "pop" (email).

     <br><dt><b>ticket</b>
     <dd>a temporary set of electronic credentials that verify the identity of a
client for a particular service.

     <br><dt><b>TGT</b>
     <dd>Ticket-Granting Ticket.  A special Kerberos ticket that permits the
client to obtain additional Kerberos tickets within the same Kerberos
realm. 
</dl>
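<p>The <code>primary/instance@REALM</code> format defined above, worked through as an added example (not code from the krb5 distribution). The function names, the sample principals, and the backslash quoting of separators are assumptions of this example.</p>

```python
# Added example: split a Kerberos principal into primary, instance and realm.
# Assumptions: a backslash quotes the next character; '/' after '@' is realm text.

def parse_principal(name, default_realm=None):
    """Return (components, realm) for a string such as primary/instance@REALM."""
    components, current, in_realm, i = [], [], False, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            if i + 1 >= len(name):
                raise ValueError("trailing backslash")
            current.append(name[i + 1])  # quoted character is taken literally
            i += 2
            continue
        if ch == "@":
            if in_realm:
                raise ValueError("more than one unquoted '@'")
            components.append("".join(current))
            current, in_realm = [], True
        elif ch == "/" and not in_realm:
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    if in_realm:
        realm = "".join(current)
        if not realm:
            raise ValueError("empty realm")
    else:
        components.append("".join(current))
        realm = default_realm  # no '@REALM' part: fall back to the caller's realm
    if not components[0]:
        raise ValueError("empty primary")
    return components, realm


def describe(name, default_realm=None):
    """Map a principal onto the three terms defined above; instance may be null."""
    components, realm = parse_principal(name, default_realm)
    return {"primary": components[0], "instance": "/".join(components[1:]) or None, "realm": realm}


# Constructed sample principals (not taken from the page).
SAMPLES = ["alice@EXAMPLE.COM", "alice/admin@EXAMPLE.COM",
           "host/www.example.com@EXAMPLE.COM", "krbtgt/EXAMPLE.COM"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", describe(s, default_realm="EXAMPLE.COM"))
```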

</body></html>