Kerberos White Paper
Glossary
Following is a list of terms used throughout this document:
Name            Definition
Authentication  Verification of the claimed identity of a principal.
Authenticator   A record containing information that can be shown to have been recently generated using the session key known only by the client and server.
Authorization   The process of determining whether a client can use a service, which objects the client is allowed to access, and the type of access allowed for each.
Client          A process that makes use of a network service on behalf of a user. Note that in some cases, a server can itself be a client of some other server (e.g., a print server can be a client of a file server).
Credentials     A TGT plus the session key sent by the AS in response to an authentication request. This is stored in the user’s credential cache, thus eliminating the need to re-key passwords multiple times during a session.
KDC             Key Distribution Center, a network service that supplies tickets and temporary session keys; or an instance of that service or the host on which it runs. The KDC services both initial ticket and ticket-granting ticket requests. The initial ticket portion is sometimes referred to as the Authentication Server (or service). The ticket-granting ticket portion is sometimes referred to as the ticket-granting server (or service).
Kerberos        A network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology.
LDAP            Lightweight Directory Access Protocol (LDAP), an Internet protocol that email programs use to look up contact information from a server. LDAP was designed at the University of Michigan to adapt a complex enterprise directory system (called X.500) to the modern Internet. X.500 is too complex to support on desktops and over the Internet, so LDAP was created to provide this service. LDAP has broader applications, such as looking up services and devices on the Internet and intranets.