Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.13. What is the export status of Kerberos? Next Document: 1.15. I use software package See reader questions & answers on this topic! - Help others by sharing your knowledge In Kerberos, all authentication takes place between clients and servers. So in Kerberos termology, a "Kerberos client" is any entity that gets a service ticket for a Kerberos service. A client is typically a user, but any principal can be a client (unless for some reason the administrator has explicitly forbidden this principal to be a client). The term "Kerberos server" generally refers to the Key Distribution Center, or the KDC for short. The KDC implements the Authentication Service (AS) and the Ticket Granting Service (TGS). The KDC has a copy of every password associated with every principal. For this reason, it is absolutely vital that the KDC be as secure as possible. Most KDC implementations store the principals in a database, so you may hear the term "Kerberos database" applied to the KDC. For reliability purposes, it is possible to have backup KDCs. These are referred to as slave servers. The slaves all synchronize their databases from the master KDC. In most Kerberos implementations there is also an administration server which allows remote manipulation of the Kerberos database. This administration server usually runs on the KDC. The term "application server" generally refers to Kerberized programs that clients communicate with using Kerberos tickets for authentication. For example, the Kerberos telnet daemon (telnetd) is an example of an application server. User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.13. What is the export status of Kerberos? Next Document: 1.15. I use software package Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: