krb5-user: Kerberos Glossary

 
 Kerberos Glossary
 *****************
 
 client
      an entity that can obtain a ticket.  This entity is usually either
      a user or a host.
 
 host
      a computer that can be accessed over a network.
 
 Kerberos
      in Greek mythology, the three-headed dog that guards the entrance
      to the underworld.  In the computing world, Kerberos is a network
      security package that was developed at MIT.
 
 KDC
      Key Distribution Center.  A machine that issues Kerberos tickets.
 
 keytab
      a key table file containing one or more keys.  A host or service
      uses a "keytab" file in much the same way as a user uses his/her
      password.
 
 principal
      a string that names a specific entity to which a set of
      credentials may be assigned.  It can have an arbitrary number of
      components, but generally has three:
 
     primary
           the first part of a Kerberos principal.  In the case of a
           user, it is the username.  In the case of a service, it is
           the name of the service.
 
     instance
           the second part of a Kerberos principal.  It gives
           information that qualifies the primary.  The instance may be
           null.  In the case of a user, the instance is often used to
           describe the intended use of the corresponding credentials.
           In the case of a host, the instance is the fully qualified
           hostname.
 
     realm
           the logical network served by a single Kerberos database and
           a set of Key Distribution Centers.  By convention, realm
           names are generally all uppercase letters, to differentiate
           the realm from the internet domain.
 
      The typical format of a typical Kerberos principal is
      primary/instance@REALM.
 
 service
      any program or computer you access over a network.  Examples of
      services include "host" (a host, e.g., when you use `telnet' and
      `rsh'), "ftp" (FTP), "krbtgt" (authentication; cf. ticket-granting
      ticket), and "pop" (email).
 
 ticket
      a temporary set of electronic credentials that verify the identity
      of a client for a particular service.
 
 TGT
      Ticket-Granting Ticket.  A special Kerberos ticket that permits the
      client to obtain additional Kerberos tickets within the same
      Kerberos realm.