Chapter 10. Kerberos
10.3. Kerberos Terminology
Like any other system, Kerberos has its own terminology for the various parts of the service.
Before learning how the service works, it is important to understand the following terms.
ciphertext
Encrypted data.
plain text
Unencrypted, human readable data.
client
An entity on the network (a user, a host, or an application) that can get a ticket from Kerberos.
credential cache or ticket file
A file which holds the tickets (and the session keys that accompany them) that a user has obtained from the KDC, such as the ticket-granting ticket and any service tickets. With MIT Kerberos 5 the default file cache is /tmp/krb5cc_<uid>, readable only by its owner; whoever can read the file can use the tickets in it. Kerberos 5 supports a framework for using other cache types, such as shared memory, but files are more thoroughly supported.
crypt hash
A one way hash used to authenticate users. It cannot be reversed to recover the password, and is therefore safer to store than plain text, but an attacker who obtains the hash can guess candidate passwords offline, hash each one and compare; for weak passwords this succeeds quickly.
key
Data used when encrypting or decrypting other data. Encrypted data cannot be decrypted without
the proper key or extremely good guessing.
Key Distribution Center (KDC)
A service that issues Kerberos tickets, usually run on the same host as the Ticket Granting Server (TGS).
key table or keytab
A file that includes an unencrypted list of principals and their keys. Servers retrieve the keys they need from keytab files instead of deriving them from a password with kinit. Because the keys are stored in the clear, a keytab must be readable only by the service that uses it (on a typical installation, owned by root with mode 0600); anyone who can read it can impersonate those principals. The default keytab file is /etc/krb5.keytab. The /usr/kerberos/sbin/kadmind command is the only service that uses any other file (it uses /var/kerberos/krb5kdc/kadm5.keytab).
principal
A user or service that can authenticate using Kerberos. A principal's name is in the form root[/instance]@REALM (MIT Kerberos calls the root component the primary). For a typical user, the root is the same as their login ID. The instance is optional. If the principal has an instance, it is separated from the root with a forward slash ("/"). An empty string ("") is considered a valid instance (which differs from the default NULL instance, so user/@REALM and user@REALM are two different principals), but using it can be confusing. All principals in a realm have their own key, which is derived from their password or randomly set for services.
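The following parser is an added illustration of the principal name format described above; it is not code from the original guide or from the Kerberos distribution. It splits a name into root (primary), optional instance and realm, honours the backslash escapes MIT Kerberos uses for a literal "/" or "@" inside a component (an assumption about input, since the text above does not mention escaping), and keeps the empty-string instance distinct from the default NULL instance, which is represented here as None.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Principal:
    """Parsed Kerberos principal name: root[/instance]@REALM."""
    root: str
    # None = default (NULL) instance, "" = explicitly empty instance.
    instance: Optional[str]
    realm: str

    @staticmethod
    def _escape(part: str) -> str:
        # Re-escape the three characters that are special in a name.
        return part.replace("\\", "\\\\").replace("/", "\\/").replace("@", "\\@")

    def __str__(self) -> str:
        """Render back to the textual form, reversing parse_principal()."""
        name = self._escape(self.root)
        if self.instance is not None:
            name += "/" + self._escape(self.instance)
        return name + "@" + self._escape(self.realm)


def parse_principal(name: str) -> Principal:
    """Parse root[/instance]@REALM; raise ValueError on malformed input."""
    components: List[str] = []   # root, then instance (if any)
    cur: List[str] = []
    realm: Optional[List[str]] = None   # becomes a list once '@' is seen
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\\" and i + 1 < len(name):
            # Backslash makes the next character literal (assumed MIT syntax).
            (realm if realm is not None else cur).append(name[i + 1])
            i += 2
            continue
        if realm is not None:
            if c == "@":
                raise ValueError("unescaped '@' inside realm: %r" % name)
            realm.append(c)
        elif c == "/":
            components.append("".join(cur))
            cur = []
        elif c == "@":
            components.append("".join(cur))
            cur = []
            realm = []
        else:
            cur.append(c)
        i += 1

    if realm is None:
        raise ValueError("principal has no @REALM: %r" % name)
    realm_str = "".join(realm)
    if not realm_str:
        raise ValueError("empty realm: %r" % name)
    if not components[0]:
        raise ValueError("empty root component: %r" % name)
    if len(components) > 2:
        # MIT Kerberos allows further components; this example sticks to the
        # root[/instance] form described in the text.
        raise ValueError("more than one instance component: %r" % name)

    instance = components[1] if len(components) == 2 else None
    return Principal(root=components[0], instance=instance, realm=realm_str)


def is_valid_principal(name: str) -> bool:
    """True when parse_principal() accepts the name."""
    try:
        parse_principal(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names, not taken from any real realm.
    for sample in ("alice@EXAMPLE.COM", "alice/@EXAMPLE.COM",
                   "host/www.example.com@EXAMPLE.COM", r"odd\/name@EXAMPLE.COM"):
        p = parse_principal(sample)
        print("%-36s root=%r instance=%r realm=%r" % (sample, p.root, p.instance, p.realm))
```

Note that `parse_principal("alice@EXAMPLE.COM")` and `parse_principal("alice/@EXAMPLE.COM")` compare unequal: the first has the NULL instance, the second the empty-string instance the text warns about, and the KDC treats them as two separate principals with two separate keys.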
realm
An administrative domain that uses Kerberos, composed of one or more servers called KDCs and a potentially large number of clients. Realm names are conventionally written in upper case (for example EXAMPLE.COM).
service
A program accessed over the network.