User's Manual

principal
A string that uniquely identifies a client or server to which a set of Kerberos
credentials is assigned. It generally has three parts:
kservice/kinstance@REALM. In the case of a user, kservice is the username.
See also kservice, kinstance, and realm.
private key
In public-key cryptography, this key is the secret key. It is primarily used for
decryption but is also used for encryption with digital signatures. See public and
private key pair.
proxy authentication
A process typically employed in an environment with a middle tier such as a
firewall, wherein the end user authenticates to the middle tier, which then
authenticates to the directory on the user's behalf, as its proxy. The middle tier logs
into the directory as a proxy user. A proxy user can switch identities and, once
logged into the directory, switch to the end user's identity. It can perform operations
on the end user's behalf, using the authorization appropriate to that particular end
user.
public key
In public-key cryptography, this key is made public to all. It is primarily used for
encryption but can be used for verifying signatures. See public and private key
pair.
public key encryption
The process where the sender of a message encrypts the message with the public
key of the recipient. Upon delivery, the message is decrypted by the recipient using
its private key.
public key infrastructure (PKI)
Information security technology utilizing the principles of public key cryptography.
Public key cryptography involves encrypting and decrypting information using a
shared public and private key pair. PKI provides for secure, private communications
within a public network.
public and private key pair
A set of two numbers used for encryption and decryption, where one is called the
private key and the other is called the public key. Public keys are typically made
widely available, while private keys are held by their respective owners. Though