| dec2001.tar |
GlossaryAuthentication Service -- A service on a KDC that verifies principals and issues tickets for their services. Key Distribution Center -- A system that maintains the database of principals in the Kerberos realm. It returns tickets for use between authenticated principals based on requests from one principal. Generally a KDC runs two Kerberos services: the Authentication service and the Ticket Granting Service. principal -- An entity within the Kerberos system. Principals are identified by a three-part name such as primary/instance@REALM. Principals can be people (in which case no instance is specified), or Kerberized services defined by the primary and located on an instance in a REALM. realm -- A network of Kerberos principals maintained in a single database. A realm is identified by an uppercase name matching a DNS zone. Ticket -- A data record containing the name of principal A requesting access from principal B, encrypted in principal B's secret key. Ticket Granting Service -- A service on a KDC that issues session keys for use by other principals. Ticket Granting Ticket -- A ticket to a TGS that allows a principal to request access to other services in the Kerberos realm. |