3 an entity that can obtain a ticket. This entity is usually either a
7 a computer that can be accessed over a network.
10 in Greek mythology, the three-headed dog that guards the entrance to the
11 underworld. In the computing world, Kerberos is a network security
12 package that was developed at MIT.
15 Key Distribution Center. A machine that issues Kerberos tickets.
18 a @b{key tab}le file containing one or more keys. A host or service
19 uses a @dfn{keytab} file in much the same way as a user uses his/her
23 a string that names a specific entity to which a set of credentials may
24 be assigned. It can have an arbitrary number of components, but
29 the first part of a Kerberos @i{principal}. In the case of a user, it
30 is the username. In the case of a service, it is the name of the
34 the second part of a Kerberos @i{principal}. It gives information that
35 qualifies the primary. The instance may be null. In the case of a
36 user, the instance is often used to describe the intended use of the
37 corresponding credentials. In the case of a host, the instance is the
38 fully qualified hostname.
41 the logical network served by a single Kerberos database and a set of
42 Key Distribution Centers. By convention, realm names are generally all
43 uppercase letters, to differentiate the realm from the internet domain.
47 The typical format of a typical Kerberos principal is
48 primary/instance@@REALM.
51 any program or computer you access over a network. Examples of services
52 include ``host'' (a host, @i{e.g.}, when you use @code{telnet} and
53 @code{rsh}), ``ftp'' (FTP), ``krbtgt'' (authentication;
54 cf. @i{ticket-granting ticket}), and ``pop'' (email).
57 a temporary set of electronic credentials that verify the identity of a
58 client for a particular service.
61 Ticket-Granting Ticket. A special Kerberos ticket that permits the
62 client to obtain additional Kerberos tickets within the same Kerberos