Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Overview
Authentication Process
To help you understand the configuration and administration issues,
this section describes the authentication process. Configuring and
administering your Kerberos Server is discussed in detail in the
subsequent chapters of this manual.
Before the Kerberos Server grants tickets to a user principal to access
secured network services, the user must sign on to the Server by
demonstrating knowledge of secret information, such as a user name and
password. Once the Server authenticates the user, it returns a set of
initial credentials for the user, consisting of a ticket-granting ticket
(TGT) and a session key.
A service ticket is granted for a specific service principal, which can be
associated with one or more Kerberos-secured services on the same
system. The service ticket is used by a client application on behalf of the
user, to authenticate the user to the Kerberos-secured network service.
The secured client application automatically handles the transactions
with the Server and the secured application server. Service tickets and
associated session keys are generally cached in the user’s credentials
cache along with the user’s TGT.
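
The sign-on, service-ticket and credentials-cache steps described above, as an added Python model that is not part of the manual or of the HP product. It assumes a toy SHA-256 stream cipher with an HMAC tag in place of real Kerberos encryption types, omits timestamps and ticket lifetimes, and every function and class name is hypothetical.

```python
# Added illustration: toy cipher, no timestamps or lifetimes, hypothetical names.
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a toy keystream (not a real Kerberos enctype)
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def string_to_key(password, principal):
    # Long-term key derived from the password; the principal name is the salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

class KDC:
    def __init__(self, long_term_keys):
        self.keys, self.tgs_key = long_term_keys, os.urandom(32)
    def _issue(self, ticket_key, reply_key, client):
        sk = os.urandom(32).hex()  # fresh session key, one copy per recipient
        return seal(ticket_key, {"client": client, "key": sk}), seal(reply_key, {"key": sk})
    def initial_credentials(self, user):  # sign-on: TGT plus session key
        return self._issue(self.tgs_key, self.keys[user], user)
    def service_ticket(self, tgt, authenticator, service):
        t = unseal(self.tgs_key, tgt)  # only the Server can open a TGT
        if unseal(bytes.fromhex(t["key"]), authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        return self._issue(self.keys[service], bytes.fromhex(t["key"]), t["client"])

def sign_on(kdc, user, password):
    tgt, reply = kdc.initial_credentials(user)
    # Opening the reply proves knowledge of the password; it is never sent
    session_key = unseal(string_to_key(password, user), reply)["key"]
    return {"krbtgt": (tgt, session_key)}  # the user's credentials cache

def ticket_for(kdc, user, ccache, service):
    if service not in ccache:  # cached service tickets are reused
        tgt, sk = ccache["krbtgt"][0], bytes.fromhex(ccache["krbtgt"][1])
        ticket, reply = kdc.service_ticket(tgt, seal(sk, {"client": user}), service)
        ccache[service] = (ticket, unseal(sk, reply)["key"])
    return ccache[service]

def service_accepts(service_key, ticket):
    return unseal(service_key, ticket)["client"]  # service learns who the user is
```
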