Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Chapter 1
Kerberos Overview
Kerberos is a mature network authentication protocol based on the IETF
RFC 1510 specification. It is designed to provide strong authentication
for client and server applications by using shared secret-key
cryptography.
The basic currency of Kerberos is the ticket, which the user presents in
order to use a specific service. Each service, be it a login service or an
FTP service, requires a different kind of ticket. Fortunately, the
Kerberized applications keep track of all the various kinds of tickets, so
you don’t have to.
When you first log on to the Kerberos setup each day, you enter your
Kerberos password. In return, the Kerberos server gives you an initial
ticket, which you use to request additional tickets from the Kerberos
server for all the other services. For this reason, the initial ticket is also
often called the ticket-granting ticket, or TGT.
When the user accesses a remote system in a Kerberos environment, the
user’s workstation obtains a Service Ticket using the previously acquired
TGT and passes the service ticket to the remote application server (such
as telnetd or ftpd) for authentication. The remote application server
authenticates the user by validating the service ticket using a secret key
that is known only by the KDC and the application server.
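The ticket flow just described, as an added toy model that is not HP-UX or MIT Kerberos code: the AS exchange issues a TGT sealed with the krbtgt key, the TGS exchange turns the TGT plus an authenticator into a service ticket sealed with the service's own key, and the application server accepts the client only if that ticket opens under the key it shares with the KDC. The principal names, keys and the HMAC-based seal/unseal routine are constructed stand-ins for real Kerberos encryption types.

```python
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object (toy stand-in for a Kerberos enctype)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the MAC, then decrypt; raises ValueError under any other key or if tampered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("does not verify under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

KDC_KEYS = {"krbtgt": os.urandom(32), "host/ftp.example.com": os.urandom(32),  # constructed long-term keys
            "alice": hashlib.sha256(b"alice-password").digest()}  # the KDC holds all; ftpd holds only its own

def kdc_as_exchange(user):
    """AS exchange: TGT sealed with the krbtgt key, TGT session key sealed with the user's key."""
    sk = os.urandom(32).hex()
    tgt = seal(KDC_KEYS["krbtgt"], {"cname": user, "skey": sk, "exp": time.time() + 8 * 3600})
    return tgt, seal(KDC_KEYS[user], {"skey": sk})

def kdc_tgs_exchange(tgt, authenticator, service):
    """TGS exchange: check TGT and authenticator, issue a ticket sealed with the service's key."""
    t = unseal(KDC_KEYS["krbtgt"], tgt)
    a = unseal(bytes.fromhex(t["skey"]), authenticator)
    if a["cname"] != t["cname"] or t["exp"] < time.time():
        raise ValueError("TGT expired or authenticator mismatch")
    svc_sk = os.urandom(32).hex()
    ticket = seal(KDC_KEYS[service], {"cname": t["cname"], "skey": svc_sk, "exp": t["exp"]})
    return ticket, seal(bytes.fromhex(t["skey"]), {"skey": svc_sk})

def app_server_accept(service_key, ticket, authenticator):
    """What ftpd/telnetd does: unseal the ticket with its own key, then check the authenticator."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["skey"]), authenticator)
    if a["cname"] != t["cname"] or abs(time.time() - a["ts"]) > 300 or t["exp"] < time.time():
        raise ValueError("identity mismatch, clock skew or expired ticket")
    return t["cname"]

def client_login(user, password, service):
    """Client side: password -> TGT -> service ticket plus authenticator for the server."""
    ukey = hashlib.sha256(password.encode()).digest()
    tgt, rep = kdc_as_exchange(user)
    sk = bytes.fromhex(unseal(ukey, rep)["skey"])  # a wrong password fails here, never at the server
    ticket, rep2 = kdc_tgs_exchange(tgt, seal(sk, {"cname": user, "ts": time.time()}), service)
    return ticket, seal(bytes.fromhex(unseal(sk, rep2)["skey"]), {"cname": user, "ts": time.time()})

def rejected(fn, *args):
    """True when verification fails, i.e. a mis-keyed or forged ticket is refused."""
    try: fn(*args); return False
    except ValueError: return True
```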
The communication between the client and the server is secured by using
the Kerberos protocol. Thus, client programs make authentication
requests to an authentication server, and server programs in turn
service those client requests. Based on a user’s credentials, the server
program grants or denies a user’s request to access network applications