Definitions
The following are definitions of some Kerberos terms.
     
- client
     
- an entity that can obtain a ticket.  This entity is usually either a
user or a host.
     
 
- host
     
- a computer that can be accessed over a network.
     
 
- Kerberos
     
- in Greek mythology, the three-headed dog that guards the entrance to the
underworld.  In the computing world, Kerberos is a network security
package that was developed at MIT.
     
 
- KDC
     
- Key Distribution Center.  A machine that issues Kerberos tickets.
     
 
- keytab
     
- a key table file containing one or more keys.  A host or service
uses a keytab file in much the same way as a user uses his/her
password.
     
 
- principal
     
- a string that names a specific entity to which a set of credentials may
be assigned.  It can have an arbitrary number of components, but
generally has three:
          
- primary
          
- the first part of a Kerberos principal.  In the case of a user, it
is the username.  In the case of a service, it is the name of the
service.
          
 
- instance
          
- the second part of a Kerberos principal.  It gives information that
qualifies the primary.  The instance may be null.  In the case of a
user, the instance is often used to describe the intended use of the
corresponding credentials.  In the case of a host, the instance is the
fully qualified hostname.
          
 
- realm
          
- the logical network served by a single Kerberos database and a set of
Key Distribution Centers.  By convention, realm names are generally all
uppercase letters, to differentiate the realm from the internet domain.
The typical format of a Kerberos principal is
primary/instance@REALM.
     
 
 
- service
     
- any program or computer you access over a network.  Examples of services
include "host" (a host, e.g., when you use telnet and rsh), "ftp" (FTP), "krbtgt" (authentication;
cf. ticket-granting ticket), and "pop" (email).
 
- ticket
     
- a temporary set of electronic credentials that verify the identity of a
client for a particular service.
     
 
- TGT
     
- Ticket-Granting Ticket.  A special Kerberos ticket that permits the
client to obtain additional Kerberos tickets within the same Kerberos
realm.
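
The principal format defined above (primary/instance@REALM, with an arbitrary number of components and a possibly null instance) can be parsed as follows. This is an added example, not code from the Kerberos distribution; the function name, the default realm EXAMPLE.COM, the sample names, and the rule that a backslash quotes a following separator are assumptions of the example. Splitting naively on "/" and "@" instead would attribute a quoted separator to the wrong part of the name.

```python
from typing import NamedTuple, Optional, Tuple


class Principal(NamedTuple):
    components: Tuple[str, ...]  # primary first, then instance, then any extras
    realm: str

    @property
    def primary(self) -> str:
        return self.components[0]

    @property
    def instance(self) -> Optional[str]:
        # The instance may be null, as for a plain user principal.
        return self.components[1] if len(self.components) > 1 else None


def parse_principal(name: str, default_realm: str = "EXAMPLE.COM") -> Principal:
    """Split a principal on unquoted '/' and '@'.

    Assumption of this example: a backslash quotes the next character,
    so a quoted '/' or '@' stays inside its component.
    """
    parts, buf, in_realm, i = [], [], False, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            if i + 1 >= len(name):
                raise ValueError("trailing backslash")
            buf.append(name[i + 1])
            i += 2
            continue
        if ch == "@":
            if in_realm:
                raise ValueError("more than one unquoted '@'")
            parts.append("".join(buf))
            buf, in_realm = [], True
        elif ch == "/":
            if in_realm:
                raise ValueError("unquoted '/' in realm")
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if not in_realm:
        parts.append("".join(buf))  # no realm given: fall back to the default
    realm = "".join(buf) if in_realm else default_realm
    if not parts[0] or not realm:
        raise ValueError("empty primary or realm")
    return Principal(tuple(parts), realm)
```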