@table @b
@item client
an entity that can obtain a ticket. This entity is usually either a
user or a host.
@item host
a computer that can be accessed over a network.
@item Kerberos
in Greek mythology, the three-headed dog that guards the entrance to the
underworld. In the computing world, Kerberos is a network security
package that was developed at MIT.
@item KDC
Key Distribution Center. A machine that issues Kerberos tickets.
@item keytab
a @b{key tab}le file containing one or more keys. A host or service
uses a @dfn{keytab} file in much the same way as a user uses his/her
password.
@item principal
a string that names a specific entity to which a set of credentials may
be assigned. It can have an arbitrary number of components, but
generally has three:
@table @b
@item primary
the first part of a Kerberos @i{principal}. In the case of a user, it
is the username. In the case of a service, it is the name of the
service.
@item instance
the second part of a Kerberos @i{principal}. It gives information that
qualifies the primary. The instance may be null. In the case of a
user, the instance is often used to describe the intended use of the
corresponding credentials. In the case of a host, the instance is the
fully qualified hostname.
@item realm
the logical network served by a single Kerberos database and a set of
Key Distribution Centers. By convention, realm names are generally all
uppercase letters, to differentiate the realm from the internet domain.
@end table
@noindent
The typical format of a Kerberos principal is
primary/instance@@REALM.
@item service
any program or computer you access over a network. Examples of services
include ``host'' (a host, @i{e.g.}, when you use @code{telnet} and
@code{rsh}), ``ftp'' (FTP), ``krbtgt'' (authentication;
cf. @i{ticket-granting ticket}), and ``pop'' (email).
@item ticket
a temporary set of electronic credentials that verify the identity of a
client for a particular service.
@item TGT
Ticket-Granting Ticket. A special Kerberos ticket that permits the
client to obtain additional Kerberos tickets within the same Kerberos
realm.
@end table