an entity that can obtain a ticket. This entity is usually either a
user or a host.
host
a computer that can be accessed over a network.
Kerberos
in Greek mythology, the three-headed dog that guards the entrance to the
underworld. In the computing world, Kerberos is a network authentication
system, developed at MIT, that lets clients and services prove their
identities to each other over an untrusted network.
KDC
Key Distribution Center. The service, and by extension the machine running
it, that holds the realm's Kerberos database and issues Kerberos tickets.
Because every principal's key is stored there, a compromised KDC compromises
the whole realm.
keytab
a key table file containing one or more keys. A host or service
uses a keytab file in much the same way as a user uses their
password. Possession of the keytab is sufficient to authenticate as that
host or service, so the file must be readable only by the account that
needs it.
principal
a string that names a specific entity to which a set of credentials may
be assigned. It can have an arbitrary number of components, but
generally has three:
primary
the first part of a Kerberos principal. In the case of a user, it
is the username. In the case of a service, it is the name of the
service.
instance
the second part of a Kerberos principal. It gives information that
qualifies the primary. The instance may be null. In the case of a
user, the instance is often used to describe the intended use of the
corresponding credentials. In the case of a host, the instance is the
fully qualified hostname.
realm
the logical network served by a single Kerberos database and a set of
Key Distribution Centers. By convention, realm names are generally all
uppercase letters, to differentiate the realm from the internet domain.
The typical format of a Kerberos principal is
primary/instance@REALM.
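The principal format described above, worked through as an added example: a small parser that splits a principal string into its primary, instance and realm, reports the common forms (a host service principal, a realm's own krbtgt principal) and checks the upper-case realm convention. This is illustration code written for this glossary, not code from the page's source project or from any Kerberos implementation; its escaping rule (a backslash protects the next character, so an escaped '/' or '@' is not a separator) is a simplified assumption rather than a statement of what a particular Kerberos library does.

```python
# Added example: parse Kerberos principal strings of the form
# primary/instance@REALM (more components are allowed). Illustration code,
# not from any Kerberos implementation. Assumption: a backslash escapes the
# next character, so an escaped '/' or '@' does not act as a separator.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    components: Tuple[str, ...]   # primary first, then zero or more instances
    realm: Optional[str]          # None when the string carried no @REALM

    @property
    def primary(self) -> str:
        return self.components[0]

    @property
    def instance(self) -> Optional[str]:
        # The glossary's "instance" is the second component; it may be absent.
        return self.components[1] if len(self.components) > 1 else None


def parse_principal(text: str) -> Principal:
    """Split a principal string into its components and realm.

    Raises ValueError for an empty primary, an empty realm after '@',
    a second unescaped '@', or a trailing backslash.
    """
    components: List[str] = []
    buf: List[str] = []
    in_realm = False
    chars = iter(text)
    for ch in chars:
        if ch == "\\":
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("trailing backslash in principal")
            buf.append(nxt)                  # escaped character, never a separator
        elif ch == "/" and not in_realm:
            components.append("".join(buf))  # end of primary or of an instance
            buf = []
        elif ch == "@":
            if in_realm:
                raise ValueError("more than one unescaped '@' in principal")
            components.append("".join(buf))
            buf = []
            in_realm = True
        else:
            buf.append(ch)
    realm: Optional[str] = None
    if in_realm:
        realm = "".join(buf)
        if realm == "":
            raise ValueError("empty realm after '@'")
    else:
        components.append("".join(buf))      # no realm: the caller applies its default realm
    if components[0] == "":
        raise ValueError("empty primary component")
    return Principal(tuple(components), realm)


def format_principal(p: Principal) -> str:
    """Inverse of parse_principal: re-escapes '\\', '/' and '@' in each part."""
    def esc(s: str) -> str:
        return s.replace("\\", "\\\\").replace("/", "\\/").replace("@", "\\@")
    out = "/".join(esc(c) for c in p.components)
    if p.realm is not None:
        out += "@" + esc(p.realm)
    return out


def is_host_service(p: Principal) -> bool:
    """True for host/<fully qualified hostname>@REALM, the form a host keeps in its keytab."""
    return p.primary == "host" and p.instance is not None and "." in p.instance


def is_local_tgt_service(p: Principal) -> bool:
    """True for krbtgt/REALM@REALM, the ticket-granting service of the realm itself.

    A cross-realm krbtgt principal carries the other realm as its instance
    and is deliberately not matched here.
    """
    return p.primary == "krbtgt" and p.instance is not None and p.instance == p.realm


def realm_follows_convention(p: Principal) -> bool:
    """Realm names are conventionally all upper case, unlike DNS domain names."""
    return p.realm is not None and p.realm == p.realm.upper()
```

Running `parse_principal("host/www.example.com@EXAMPLE.COM")` yields primary "host", instance "www.example.com" and realm "EXAMPLE.COM", while a bare "alice" parses with realm None, which is the case a client library resolves against its configured default realm.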
service
any program or computer you access over a network. Examples of services
include “host” (a host, e.g., when you use telnet and
rsh), “ftp” (FTP), “krbtgt” (authentication;
cf. ticket-granting ticket), and “pop” (email).
ticket
a temporary set of electronic credentials that verify the identity of a
client for a particular service.
TGT
Ticket-Granting Ticket. A special Kerberos ticket that permits the
client to obtain additional Kerberos tickets within the same Kerberos
realm.