skip to main | skip to sidebar

Linux Tutorial for Beginners

Pages

  • Home
 
  • RSS
  • Twitter
Wednesday, February 15, 2012

Kerberos Terminology explanation

Posted by Raju Gupta at 1:03 AM – 2 comments
 

Kerberos has its own terminology to define various aspects of the service. Before learning how Kerberos works, it is important to learn the following terms.

1.      Authentication server (AS) :-- A server that issues tickets for a desired service which are in turn given to users for access to the service. The AS responds to requests from clients who do not have or do not send credentials with a request. It is usually used to gain access to the ticket-granting server (TGS) service by issuing a ticket-granting ticket (TGT). The AS usually runs on the same host as the key distribution center (KDC).
2.      Cipher text  :-- Encrypted data.
3.      Client  :-- An entity on the network (a user, a host, or an application) that can receive a ticket from Kerberos.
4.      Credentials  :--  A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called a ticket.
5.      Credential cache or ticket file:--  A file which contains the keys for encrypting communications between a user and various network services. Kerberos 5 supports a framework for using other cache types, such as shared memory, but files are more thoroughly supported.
6.      Crypt hash  :--  A one-way hash used to authenticate users. These are more secure than using unencrypted data, but they are still relatively easy to decrypt for an experienced cracker.
7.      GSS-API  :-- The Generic Security Service Application Program Interface (defined in RFC-2743 published by The Internet Engineering Task Force) is a set of functions which provide security services. This API is used by clients and services to authenticate to each other without either program having specific knowledge of the underlying mechanism. If a network service (such as cyrus-IMAP) uses GSS-API, it can authenticate using Kerberos.
8.      Hash :--  Also known as a hash value. A value generated by passing a string through a hash function. These values are typically used to ensure that transmitted data has not been tampered with.
9.      Hash function :--  A way of generating a digital "fingerprint" from input data. These functions rearrange, transpose or otherwise alter data to produce a hash value.
10.  Key :--  Data used when encrypting or decrypting other data. Encrypted data cannot be decrypted without the proper key or extremely good fortune on the part of the cracker.
11.  Key distribution center (KDC) :-- A service that issues Kerberos tickets, and which usually run on the same host as the ticket-granting server (TGS).
12.  Keytab (or key table)  :--  A file that includes an unencrypted list of principals and their keys. Servers retrieve the keys they need from keytab files instead of using kinit. The default keytab file is /etc/krb5.keytab. The KDC administration server, /usr/kerberos/sbin/kadmind, is the only service that uses any other file (it uses /var/kerberos/krb5kdc/kadm5.keytab).
13.  Kinit :--  The kinit command allows a principal who has already logged in to obtain and cache the initial ticket-granting ticket (TGT). Refer to the kinit man page for more information.
14.  Principal (or principal name) :-- The principal is the unique name of a user or service allowed to authenticate using Kerberos. A principal follows the form root[/instance]@REALM. For a typical user, the root is the same as their login ID. The instance is optional. If the principal has an instance, it is separated from the root with a forward slash ("/"). An empty string ("") is considered a valid instance (which differs from the default NULL instance), but using it can be confusing. All principals in a realm have their own key, which for users is derived from a password or is randomly set for services.
15.  Realm  :-- A network that uses Kerberos, composed of one or more servers called KDCs and a potentially large number of clients.
16.  Service  :-- A program accessed over the network.
17.  Ticket :-- A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called credentials.
18.  Ticket-granting server (TGS)  :--  A server that issues tickets for a desired service which are in turn given to users for access to the service. The TGS usually runs on the same host as the KDC.
19.  Ticket-granting ticket (TGT)  :--  A special ticket that allows the client to obtain additional tickets without applying for them from the KDC.
20.  Unencrypted password  :--  A plain text, human-readable password. 
Labels: Kerberos Email This BlogThis! Share to Twitter Share to Facebook

2 Responses so far.

  1. S.Manikandan says:
    February 27, 2012 at 3:37 AM

    hi,
    very useful, it has been a while since i read RH333, but i once again recalled every thing.


    thank you buddy
    --
    Regards
    S.Manikandan(BE,RHCSS, RHCE),
    SysAdmin
    E-Mail:- vijaysomt@gmail.com
    mobile:- +91-9865313396

  2. Raju Gupta says:
    February 27, 2012 at 3:46 AM

    Wellcome Vijay.................

Leave a Reply

Newer Post Older Post
Subscribe to: Post Comments (Atom)

Our Blogs

  • Java Programs with Output
  • C Programming Tutorial
  • Language Tutorial
  • Android Development Tutorial
  • Web Development Tutorial
  • Popular
  • Recent
  • Archives

Popular Posts

  • How to create limited shell
    We want to limit the activities or command to run for specific user then, how to limit a shell? here are the steps to create limited shel...
  • Apache and SELinux File Labels
    Take a look at the SELinux settings associated with Apache. To review, SELinux settings, as they relate to a service, mostly fall into tw...
  • Advantages & Disadvantages of Kerberos
    Advantages of Kerberos Most conventional network services use password-based authentication schemes. Such schemes require a user to au...
  • Apache Configuration File Security Option
    you’ll examine the security options available in the main Apache configuration file, httpd.conf. That file can be modified to secure the e...
  • AWS VPC Overview
    What is VPC ? A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other vir...
  • SSH login without password
    The following steps can be used to ssh from one system to another without specifying a password: 1. On the client run the following com...
  • How to automatically chroot jail selected ssh user logins
    1. Creating basic chroot environment First we need to create a simple chroot environment. Our chroot environment will consist of a bash she...
  • Apache Installation and Configuration through source code
    In this example we extract the source code to a directory under /usr/local/src/ cp httpd-2.0.46.tar.gz /usr/local/src cd /usr/local/src...
  • Tcpdump command with some examples
    To print all packets arriving at or departing from sundown: tcpdump host sundown To print traffic between helios and either hot or ace: ...
  • How to Create the Kerberos database
    Create the database with the following command.  [root@coma ~] kdb5_util create -s This will prompt you for a password. You will ...
Powered by Blogger.

Archives

  • ►  2014 (1)
    • ►  May (1)
  • ►  2013 (4)
    • ►  February (4)
  • ▼  2012 (89)
    • ►  November (1)
    • ►  March (4)
    • ▼  February (36)
      • Why sendmail Is So Complex?
      • Defination of MUA, MTA & MSA (sendmail)
      • Mail Server Basic
      • Configuring a DHCP Client
      • Starting and Stopping the DHCP Server
      • DHCP Lease Database
      • Dhcp configuration file Example
      • Dhcp Configuration file Logic
      • How to install DHCP?
      • What is dhcp ?
      • ls command
      • Some important point about Iptables
      • Explain iptables terminology
      • Iptables
      • How to install PHP on linux system
      • How does LDAP work ?
      • What is LDAP ?
      • How to configure Slave KDC (Backup KDC)
      • How to Create the Kerberos database
      • Edit /var/kerberos/krb5kdc/kadm5.acl & /etc/gssapi...
      • Edit /var/kerberos/krb5kdc/kdc.conf
      • Edit file /etc/krb5.com
      • How to create bridge ?
      • How to explain Webmin?
      • Setup rsync over ssh without password on Linux
      • Linux chkconfig Command Examples
      • How to create limited shell
      • How to Domain-to-Realm Mapping
      • How to configuring a Kerberos 5 Client
      • How to Configuring a Kerberos 5 Server
      • Some important information about Kerberos
      • How Kerberos Works
      • Kerberos Terminology explanation
      • Kerberos and PAM
      • Advantages & Disadvantages of Kerberos
      • What is Kerberos?
    • ►  January (48)
 

Followers

Labels

  • Apache (8)
  • aws (1)
  • Bridge (1)
  • cloud computing (1)
  • Configuration (1)
  • dhcp server (7)
  • DNS (8)
  • File system (11)
  • Fping (1)
  • Iptable basic (3)
  • KDC slave server (1)
  • Kerberos (14)
  • kerberos configuration (5)
  • kerberos database (1)
  • LaTeX (1)
  • Ldap basic (2)
  • Linux aliases (1)
  • Linux Commands (4)
  • Linux History (2)
  • Linux Installation (3)
  • Linux kernel (3)
  • Linux shell (2)
  • Linux software (2)
  • Lvm (1)
  • Mail Server (3)
  • Network Script (1)
  • PHP (1)
  • Raid (6)
  • SELinux (1)
  • Sendmail (3)
  • ssh (2)
  • Tcpdump example (1)
  • Virtualization (5)
  • Webmin (1)
  • Yum (2)
 
 
© 2011 Linux Tutorial for Beginners | Designs by Web2feel & Fab Themes

Bloggerized by DheTemplate.com - Main Blogger