Linux 2.6 - man page for kerberos (linux section 1)

KERBEROS(1)									      KERBEROS(1)

       kerberos - introduction to the Kerberos system

       The  Kerberos  system  authenticates  individual  users	in  a network environment.  After
       authenticating yourself to Kerberos, you can use network utilities such	as  rlogin,  rcp,
       and  rsh  without having to present passwords to remote hosts and without having to bother
       with .rhosts files.  Note that these utilities will work without  passwords  only  if  the
       remote machines you deal with support the Kerberos system.

       If you enter your username and kinit responds with this message:

       kinit(v5): Client not found in Kerberos database while getting initial credentials

       you haven't been registered as a Kerberos user.	See your system administrator.

       A  Kerberos name usually contains three parts.  The first is the primary, which is usually
       a user's or service's name.  The second is the instance, which in the case of  a  user  is
       usually	null.	Some  users  may  have privileged instances, however, such as ``root'' or
       ``admin''.  In the case of a service, the instance is the  fully  qualified  name  of  the
       machine	on which it runs; i.e. there can be an rlogin service running on the machine ABC,
       which is different from the rlogin service running on the machine XYZ.  The third part  of
       a  Kerberos  name  is  the realm.  The realm corresponds to the Kerberos service providing
       authentication for the principal.

       When writing a Kerberos name, the primary is separated from the instance (if not
       null) by a slash, and the realm (if not the local realm) follows, preceded by an ``@''
       sign.  The following are examples of valid Kerberos names:
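
       The naming rules described above, as an added Python example that is not part of
       the original manual page or of MIT Kerberos. The sample names, the EXAMPLE.ORG realm,
       and the parse_name and is_privileged helpers are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Instances the man page names as privileged; a site's real list is policy.
PRIVILEGED_INSTANCES = {"root", "admin"}


class KerberosName(NamedTuple):
    primary: str
    instance: Optional[str]   # None is the "null" instance
    realm: str


def parse_name(name: str, local_realm: str) -> KerberosName:
    """Split primary[/instance][@REALM] as the man page describes.

    Simplification: backslash-quoted separators and names with more than
    one instance component are rejected instead of being interpreted.
    """
    if "\\" in name:
        raise ValueError("quoted characters are not handled here")
    body, at, realm = name.rpartition("@")
    if not at:                      # no '@': the local realm is implied
        body, realm = name, local_realm
    elif not realm:
        raise ValueError("empty realm after '@'")
    if "@" in body:
        raise ValueError("more than one '@'")
    primary, slash, instance = body.partition("/")
    if not primary:
        raise ValueError("empty primary")
    if slash and (not instance or "/" in instance):
        raise ValueError("empty or multi-part instance")
    return KerberosName(primary, instance or None, realm)


def is_privileged(n: KerberosName) -> bool:
    """True when the instance is one of the privileged ones named above."""
    return n.instance in PRIVILEGED_INSTANCES


# Constructed sample names (not taken from the man page).
SAMPLES = ["alice", "alice/admin", "rlogin/abc.example.org@EXAMPLE.ORG"]

if __name__ == "__main__":
    for s in SAMPLES:
        n = parse_name(s, local_realm="EXAMPLE.ORG")
        print(f"{s!r:45} -> {n}  privileged={is_privileged(n)}")
```

       Flagging privileged instances when names are parsed from logs or access lists makes
       it easier to review which principals hold short-lived, high-privilege tickets.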


       When you authenticate yourself with Kerberos you get an initial Kerberos ticket.  (A  Ker-
       beros  ticket  is  an  encrypted protocol message that provides authentication.)  Kerberos
       uses this ticket for network utilities such as rlogin and rcp.	The  ticket  transactions
       are done transparently, so you don't have to worry about their management.

       Note,  however,	that tickets expire.  Privileged tickets, such as those with the instance
       ``root'', expire in a few minutes, while tickets that carry more ordinary  privileges  may
       be good for several hours or a day, depending on the installation's policy.  If your login
       session extends beyond the time limit, you will have to re-authenticate yourself  to  Ker-
       beros to get new tickets.  Use the kinit command to re-authenticate yourself.

       If  you	use the kinit command to get your tickets, make sure you use the kdestroy command
       to destroy your tickets before you end your login session.  You should  put  the  kdestroy
       command in your .logout file so that your tickets will be destroyed automatically when you
       logout.	For more information about the kinit and kdestroy commands, see the kinit(1)  and
       kdestroy(1) manual pages.

       Kerberos tickets can be forwarded.  In order to forward tickets, you must request forward-
       able tickets when you kinit.  Once you have forwardable tickets,  most  Kerberos  programs
       have a command line option to forward them to the remote host.

       Currently,  Kerberos support is available for the following network services: rlogin, rsh,
       rcp, telnet, ftp, krdist (a Kerberized version of rdist), ksu  (a  Kerberized  version  of
       su), login, and Xdm.

       kdestroy(1),  kinit(1),	klist(1),  kpasswd(1),	rsh(1),  rcp(1),  rlogin(1), telnet(1),
       ftp(1), krdist(1), ksu(1),  sclient(1),	xdm(1),  des_crypt(3),	hash(3),  krb5strings(3),
       krb5.conf(5),  kdc.conf(5),  kadmin(8),	kadmind(8),  kdb5_util(8),  telnetd(8),  ftpd(8),
       rdistd(8), sserver(8), klogind(8c), kshd(8c), login(8c)

       Steve Miller, MIT Project Athena/Digital Equipment Corporation
       Clifford Neuman, MIT Project Athena

       Kerberos was developed at MIT.  OpenVision rewrote and donated the administration  server,
       which is used in the current version of Kerberos 5.

       Copyright 1985,1986,1989-1996,2002 Massachusetts Institute of Technology

