Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Overview
How The Kerberos Server Works
The term “Kerberos” is derived from Greek mythology. “Cerberus” is
the Latin variant of Kerberos, who guarded the entrance of Hades, the
Greek hell. The Kerberos security system, on the other hand, guards
electronic transmissions that are sent across the network.
Kerberos is a mature network authentication protocol based on the RFC
1510 specification of the IETF. It is designed to provide strong
authentication for client or server applications by using shared
secret-key cryptography.
The Kerberos Server is based on a distributed client-server
architecture. It ensures secure communication in a networked
environment by leveraging individual trust relationships. It then brokers
that trust across enterprise-wide, distributed client-server networks.
The basic currency of Kerberos is the ticket, which the user presents in
order to use a specific service. Each service, be it a login service or an
FTP service, requires a different kind of ticket. Fortunately, the
Kerberized applications keep track of all the various kinds of tickets, so
you don’t have to.
When you first log on to Kerberos each day, you enter your Kerberos
password. In return, the Kerberos server gives you an initial ticket,
which you use to request additional tickets from the Kerberos server
for all the other services. For this reason, the initial ticket is also often
called the ticket-granting ticket, or TGT.
The communication between the client and server is secured by using the
Kerberos protocol. Thus, client programs make authentication requests
to an authentication server, and server programs in turn service those
client requests. Based on a user’s credentials, the server program grants
or denies a user’s request to access network applications and services.
The Kerberos Server allows entities to authenticate themselves
without having to transmit their passwords in clear text over the
network.
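
The ticket flow described above, as an added example that is not part of the HP manual or the Kerberos Server code: a simplified model of the initial (TGT) exchange and one service-ticket request, showing that only data encrypted under password-derived or server-held keys crosses the network. The names ToyKDC, seal, unseal and login_and_get_ticket are hypothetical, the cipher is a toy stand-in, and timestamps, ticket lifetimes, authenticators and the RFC 1510 encodings are omitted.

```python
import hashlib, hmac, json, os

def derive_key(password, principal):
    # Simplified string-to-key: long-term key from password, salted with principal name.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption (assumption): stands in for a real Kerberos enctype.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class ToyKDC:
    def __init__(self, passwords, service_keys):
        self.user_keys = {u: derive_key(p, u) for u, p in passwords.items()}
        self.service_keys, self.tgs_key = service_keys, os.urandom(32)

    def as_exchange(self, user):
        # The request names the user only; the password is never sent.
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "key": sk})
        return seal(self.user_keys[user], {"key": sk}), tgt

    def tgs_exchange(self, tgt, service):
        # The TGT, readable only by the KDC, vouches for the user.
        t, sk = unseal(self.tgs_key, tgt), os.urandom(32).hex()
        ticket = seal(self.service_keys[service], {"user": t["user"], "key": sk})
        return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def login_and_get_ticket(kdc, user, password, service):
    # Returns (service session key, service ticket, messages seen on the wire).
    enc_part, tgt = kdc.as_exchange(user)
    tgt_key = unseal(derive_key(password, user), enc_part)["key"]  # fails on wrong password
    enc_part2, ticket = kdc.tgs_exchange(tgt, service)
    return unseal(bytes.fromhex(tgt_key), enc_part2)["key"], ticket, (enc_part, tgt, enc_part2)
```

A wrong password is detected on the client, when the reply from the initial exchange fails to decrypt; the service learns the user's identity and session key only by decrypting the ticket with its own key.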