icon Top 9 categories map      RocketAware >

kerberos(1)

Tips: Browse or Search all pages for efficient awareness of more than 6000 of the most popular reusable and open source applications, functions, libraries, and FAQs.


The "RKT couplings" below include links to source code, updates, additional information, advice, FAQs, and overviews.


Home

Search all pages


Subjects

By activity
Professions, Sciences, Humanities, Business, ...

User Interface
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...

Text Strings
Conversions, tests, processing, manipulation,...

Math
Integer, Floating point, Matrix, Statistics, Boolean, ...

Processing
Algorithms, Memory, Process control, Debugging, ...

Stored Data
Data storage, Integrity, Encryption, Compression, ...

Communications
Networks, protocols, Interprocess, Remote, Client Server, ...

Hard World
Timing, Calendar and Clock, Audio, Video, Printer, Controls...

File System
Management, Filtering, File & Directory access, Viewers, ...

    

RocketLink!--> Man page versions: OpenBSD






KERBEROS(1)                                           KERBEROS(1)


NAME
       kerberos - introduction to the Kerberos system




DESCRIPTION
       For  better  documentation  please check the info-files in
       /usr/share/info

       The Kerberos system authenticates individual  users  in  a
       network  environment.   After  authenticating  yourself to
       Kerberos, you can use network utilities  such  as  rlogin,
       rcp, and rsh without having to present passwords to remote
       hosts and without having to  bother  with  .rhosts  files.
       Note that these utilities will work without passwords only
       if the remote machines you deal with support the  Kerberos
       system.   All Athena timesharing machines and public work-
       stations support Kerberos.

       Before you can use  Kerberos,  you  must  register  as  an
       Athena user, and you must make sure you have been added to
       the Kerberos database.  You can use the kinit  command  to
       find out.  This command tries to log you into the Kerberos
       system.  kinit will prompt you for a  username  and  pass-
       word.   Enter  your username and password.  If the utility
       lets you login without giving  you  a  message,  you  have
       already been registered.

       If  you  enter  your username and kinit responds with this
       message:

       Principal unknown (kerberos)

       you haven't been registered as a Kerberos user.  See  your
       system administrator.

       A  Kerberos  name  contains three parts.  The first is the
       principal name, which is usually  a  user's  or  service's
       name.   The second is the instance, which in the case of a
       user is usually null.   Some  users  may  have  privileged
       instances, however, such as ``root'' or ``admin''.  In the
       case of a service, the instance is the name of the machine
       on which it runs; i.e. there can be an rlogin service run-
       ning on the machine  ABC,  which  is  different  from  the
       rlogin service running on the machine XYZ.  The third part
       of a Kerberos name is the realm.  The realm corresponds to
       the  Kerberos  service  providing  authentication  for the
       principal.  For example, at MIT there is a  Kerberos  run-
       ning  at  the Laboratory for Computer Science and one run-
       ning at Project Athena.

       When writing a Kerberos name, the principal name is  sepa-
       rated from the instance (if not null) by a period, and the
       realm (if not the local realm)  follows,  preceded  by  an
       ``@''  sign.  The following are examples of valid Kerberos



MIT Project Athena     Kerberos Version 4.0                     1





KERBEROS(1)                                           KERBEROS(1)


       names:

               billb
               jis.admin
               srz@lcs.mit.edu
               treese.root@athena.mit.edu

       When you  authenticate  yourself  with  Kerberos,  through
       either  the  workstation  toehold system or the kinit com-
       mand, Kerberos gives you an initial Kerberos  ticket.   (A
       Kerberos ticket is an encrypted protocol message that pro-
       vides authentication.)  Kerberos uses this ticket for net-
       work  utilities such as rlogin and rcp.  The ticket trans-
       actions are done transparently, so you don't have to worry
       about their management.

       Note,  however,  that tickets expire.  Privileged tickets,
       such as root instance tickets, expire in  a  few  minutes,
       while  tickets  that carry more ordinary privileges may be
       good for several hours or a day, depending on the  instal-
       lation's policy.  If your login session extends beyond the
       time limit, you will have to re-authenticate  yourself  to
       Kerberos to get new tickets.  Use the kinit command to re-
       authenticate yourself.

       If you use the kinit command to  get  your  tickets,  make
       sure  you use the kdestroy command to destroy your tickets
       before you end your login session.   You  should  probably
       put the kdestroy command in your .logout file so that your
       tickets will be destroyed automatically when  you  logout.
       For  more  information  about  the kinit and kdestroy com-
       mands, see the kinit(1) and kdestroy(1) manual pages.

       Currently, Kerberos supports the  following  network  ser-
       vices:  rlogin,  rsh,  and  rcp.  Other services are being
       worked on, such as the pop mail system  and  NFS  (network
       file system), but are not yet available.


SEE ALSO
       kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3),
       kerberos(3), kadmin(8)

BUGS
       Kerberos will not do authentication forwarding.  In  other
       words,  if  you  use rlogin to login to a remote host, you
       cannot use Kerberos services  from  that  host  until  you
       authenticate  yourself  explicitly on that host.  Although
       you may need to authenticate yourself on the remote  host,
       be  aware  that when you do so, rlogin sends your password
       across the network in clear text.






MIT Project Athena     Kerberos Version 4.0                     2





KERBEROS(1)                                           KERBEROS(1)


AUTHORS
       Steve Miller, MIT Project Athena/Digital Equipment  Corpo-
       ration
       Clifford Neuman, MIT Project Athena

       The  following people helped out on various aspects of the
       system:

       Jeff Schiller designed and wrote the administration server
       and  its  user  interface,  kadmin.  He also wrote the dbm
       version of the database management system.

       Mark Colan developed the Kerberos versions of rlogin, rsh,
       and rcp, as well as contributing work on the servers.

       John Ostlund developed the Kerberos versions of passwd and
       userreg.

       Stan Zanarotti  pioneered  Kerberos  in  a  foreign  realm
       (LCS),  and  made many contributions based on that experi-
       ence.

       Many people contributed code and/or useful ideas,  includ-
       ing  Jim  Aspnes,  Bob Baldwin, John Barba, Richard Basch,
       Jim Bloom,  Bill  Bryant,  Rob  French,  Dan  Geer,  David
       Jedlinsky,  John  Kohl, John Kubiatowicz, Bob McKie, Brian
       Murphy,  Ken  Raeburn,  Chris  Reed,  Jon  Rochlis,   Mike
       Shanzer,  Bill Sommerfeld, Jennifer Steiner, Ted Ts'o, and
       Win Treese.


RESTRICTIONS
       COPYRIGHT 1985,1986 Massachusetts Institute of Technology
























MIT Project Athena     Kerberos Version 4.0                     3



Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY
SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts
Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.



(Corrections, notes, and links courtesy of RocketAware.com)


[Detailed Topics]
FreeBSD Sources for kerberos(1)
OpenBSD sources for kerberos(1)


[Overview Topics]

Up to: Kerberos authentication


RocketLink!--> Man page versions: OpenBSD






Rapid-Links: Search | About | Comments | Submit Path: RocketAware > kerberos.1/
RocketAware.com is a service of Mib Software
Copyright 1999, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments