Kerberos White Paper
Principal: A unique name for a user or service stored in a KDC.
Secret key: An encryption key shared by a principal and the KDC, distributed outside the bounds of the system, with a long lifetime. In the case of a user's principal, the secret key is derived from a password.
Service: A resource provided to network clients; often provided by more than one server (for example, remote file service).
Session key: A temporary encryption key used between two principals, with a lifetime limited to the duration of a single login session.
Ticket: A record that helps a client authenticate itself to a server; it contains the client's identity and other information all sealed using the server's secret key.
TGT: An initial ticket issued by the AS which is used to request additional tickets from the TGS for access to network services.
© 2005 Hewlett-Packard Development Company, L.P. The information
contained herein is subject to change without notice. The only warranties for
HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed
as constituting an additional warranty. HP shall not be liable for technical or
editorial errors or omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation in the U.S.
and other countries and is used under license.
XXXX-XXXXEN, 03/2005