| Term | Definition |
|---|---|
| authentication | Verification of the claimed identity of a principal. |
| authentication header | A record containing a ticket and an authenticator to be presented to a server as part of the authentication process. |
| authentication path | A sequence of intermediate realms transited in the authentication process when communicating from one realm to another. |
| authenticator | A record containing information that can be shown to have been recently generated using the session key known only by the client and server. |
| authorization | The process of determining whether a client may use a service, the objects the client is allowed to access, and the type of access allowed. |
| ciphertext | The output of an encryption function. Encryption transforms plaintext into ciphertext. |
| client | A process that uses a network service on behalf of a user. In some cases a server may itself be a client of some other server. (For example, a print server may be a client of a file server.) |
| credentials | A ticket plus the secret session key necessary to successfully use that ticket in an authentication exchange. |
| KDC | (Key Distribution Center) A network service that supplies tickets and temporary session keys, or an instance of that service or the host on which it runs. The KDC services both initial ticket and ticket-granting ticket requests. The initial ticket portion is sometimes referred to as the authentication server (or service). The ticket-granting ticket portion is sometimes referred to as the ticket-granting server (or service). |
| Kerberos | 1. In ancient mythology, the three-headed dog guarding Hades. 2. The name given to Project Athena's authentication service, the protocol used by that service, or the code used to implement the authentication service. |
| plaintext | The input to an encryption function or the output of a decryption function. Decryption transforms ciphertext into plaintext. |
| principal | A uniquely named client or server instance that participates in a network communication. |
| principal identifier | The name used to uniquely identify each different principal. |
| realm | The administrative domain that encompasses Kerberos clients and servers. |
| seal | To encipher a record containing several fields in such a way that the fields cannot be individually replaced without either knowledge of the encryption key or leaving evidence of tampering. |
| secret key | An encryption key shared by a principal and the KDC, distributed outside the bounds of the system, with a long lifetime. In the case of a human user's principal, the secret key is derived from a password. |
| server | A particular principal that provides a resource to network clients. |
| service | A resource provided to network clients; often provided by more than one server (for example, remote file service). |
| session key | A temporary encryption key used between two principals, with a lifetime limited to the duration of a single login session. |
| subsession key | A temporary encryption key used between two principals, selected and exchanged by the principals using the session key, and with a lifetime limited to the duration of a single association. |
| ticket | A record that helps a client authenticate itself to a server; it contains the client's identity, a session key, a timestamp, and other information, all sealed using the server's secret key. It only serves to authenticate a client when presented along with a fresh authenticator. |