Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Interoperability With Windows 2000
Understanding the Terminology
Both HP’s Kerberos Server and Microsoft provide Kerberos security
for your network. While the technology is the same, the terminology
varies.
Kerberos authentication depends upon establishing trust between users
and services via a trusted third party called a Key Distribution Center
(KDC). HP provides a KDC on the security server, while Windows 2000
provides a KDC on the domain controller.
Each KDC stores information about trusted users and services in a
central database, the principal database in HP’s terms; the domain’s
Active Directory in Microsoft terms. Each database contains a
collection of users. In HP’s terms, the database contains a collection
called a realm and each entry is a principal. In Microsoft terms, the
database contains a collection called a domain and each entry is an
account.
The most important information associated with any principal in the
Kerberos model is its unique symmetric key, that is, the key used to
encrypt and decrypt information on behalf of the principal. HP uses the
term secret key; Microsoft uses the terms long-term key or shared
principal key. The KDC, as the trusted third party, shares a unique
secret key with each of its principals. When a principal and the KDC
exchange information to establish trust, the principal uses its secret key
to encrypt the message; the KDC decrypts the message using the copy of the
principal’s secret key stored in its database and then attempts to
authenticate the principal.
During logon, if the KDC can successfully authenticate the user, it
responds with a special message called a ticket-granting ticket. The
ticket entitles the user to request access to other services known to the
KDC.
The client system stores the ticket in memory. In HP’s terminology, the
client system stores the ticket in the credentials cache and uses it to
request service tickets to authenticate to applications or services on the
network. In Microsoft terminology, the client system stores the ticket in
the secure cache and uses it to request session tickets to authenticate to
applications or services.
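The exchange just described, as an added Python model that is not code from the HP manual or either product: a KDC holding a principal database, a client that proves knowledge of its secret key by encrypting a timestamp, the ticket-granting ticket and session key in the reply, and a credentials cache. The realm, principal name and password are constructed, and the HMAC-based sealing stands in for a real Kerberos encryption type.

```python
import hashlib, hmac, json, os, time
REALM, MAX_SKEW = "EXAMPLE.COM", 300   # constructed realm; clock-skew tolerance in seconds

def string_to_key(password, principal):
    # Secret (long-term) key derived from the password; PBKDF2 stands in for Kerberos string-to-key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _keystream(key, nonce, n):
    out = b""
    while len(out) < n:
        out += hmac.new(key, nonce + len(out).to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, obj):
    # Toy authenticated encryption (HMAC keystream XOR + HMAC tag), a stand-in for a real Kerberos enctype.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot decrypt: wrong secret key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Holds the principal database: one secret key shared with each principal."""
    def __init__(self, passwords):
        self.db = {p: string_to_key(pw, p) for p, pw in passwords.items()}
        self.db["krbtgt/" + REALM] = os.urandom(32)   # key of the ticket-granting service
    def as_exchange(self, principal, preauth):
        # The client sealed a timestamp with its secret key; the KDC unseals it with its stored copy.
        key = self.db.get(principal)
        if key is None:
            raise ValueError("unknown principal")
        ts = unseal(key, preauth)["timestamp"]           # fails if the client used the wrong key
        if abs(time.time() - ts) > MAX_SKEW:
            raise ValueError("pre-authentication timestamp outside allowed clock skew")
        session = os.urandom(32).hex()
        # TGT sealed with the TGS key (only the KDC can read it); session key copy sealed for the client.
        tgt = seal(self.db["krbtgt/" + REALM], {"client": principal, "session": session})
        return {"tgt": tgt.hex(), "enc_part": seal(key, {"session": session}).hex()}

def logon(kdc, principal, password):
    # Client side: prove knowledge of the secret key, then keep TGT and session key in the credentials cache.
    key = string_to_key(password, principal)
    reply = kdc.as_exchange(principal, seal(key, {"timestamp": time.time()}))
    session = unseal(key, bytes.fromhex(reply["enc_part"]))["session"]
    return {"principal": principal, "tgt": reply["tgt"], "session": session}
```

The returned dictionary plays the role of the credentials cache: the TGT is opaque to the client, and the session key is what it would later use when requesting service tickets.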