kerberos(8)
NAME
kerberos - introduction to the Kerberos system
DESCRIPTION
Kerberos is a network authentication system. Its purpose is to securely authenticate users and services in an insecure network environment.

This is done with a Kerberos server acting as a trusted third party, keeping a database with secret keys for all users and services (collectively called principals).

Each principal belongs to exactly one realm, which is the administrative domain in Kerberos. A realm usually corresponds to an organisation, and the realm should normally be derived from that organisation's domain name. A realm is served by one or more Kerberos servers.

The authentication process involves exchange of `tickets' and `authenticators' which together prove the principal's identity.

When you log in to the Kerberos system, either through the normal system login or with the kinit(1) program, you acquire a ticket granting ticket which allows you to get new tickets for other services, such as telnet or ftp, without giving your password.

For more information on how Kerberos works, and other general Kerberos questions, see the Kerberos FAQ at http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html.

For setup instructions see the Heimdal Texinfo manual.
SEE ALSO
ftp(1), kdestroy(1), kinit(1), klist(1), kpasswd(1), telnet(1)
HISTORY
The Kerberos authentication system was developed in the late 1980's as part of the Athena Project at the Massachusetts Institute of Technology. Versions one through three never reached outside MIT, but version 4 was (and still is) quite popular, especially in the academic community, but is also used in commercial products like the AFS filesystem.

The problems with version 4 are that it has many limitations, the code was not too well written (since it had been developed over a long time), and it has a number of known security problems. To resolve many of these issues work on version five started, and resulted in IETF RFC1510 in 1993. Since then much work has been put into the further development, and a new RFC will hopefully appear soon.

This manual page is part of the Heimdal Kerberos 5 distribution, which has been in development at the Royal Institute of Technology in Stockholm, Sweden, since about 1997.

HEIMDAL September 1, 2000