krb5-user: Kerberos Glossary
an entity that can obtain a ticket. This entity is usually either
a user or a host.
a computer that can be accessed over a network.
in Greek mythology, the three-headed dog that guards the entrance
to the underworld. In the computing world, Kerberos is a network
security package that was developed at MIT.
Key Distribution Center. A machine that issues Kerberos tickets.
a key table file containing one or more keys. A host or service
uses a "keytab" file in much the same way as a user uses his/her
a string that names a specific entity to which a set of
credentials may be assigned. It can have an arbitrary number of
components, but generally has three:
the first part of a Kerberos principal. In the case of a
user, it is the username. In the case of a service, it is
the name of the service.
the second part of a Kerberos principal. It gives
information that qualifies the primary. The instance may be
null. In the case of a user, the instance is often used to
describe the intended use of the corresponding credentials.
In the case of a host, the instance is the fully qualified
the logical network served by a single Kerberos database and
a set of Key Distribution Centers. By convention, realm
names are generally all uppercase letters, to differentiate
the realm from the internet domain.
The typical format of a typical Kerberos principal is
any program or computer you access over a network. Examples of
services include "host" (a host, e.g., when you use `telnet' and
`rsh'), "ftp" (FTP), "krbtgt" (authentication; cf. ticket-granting
ticket), and "pop" (email).
a temporary set of electronic credentials that verify the identity
of a client for a particular service.
Ticket-Granting Ticket. A special Kerberos ticket that permits the
client to obtain additional Kerberos tickets within the same