short kerberos intro page
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9019 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
73
lib/krb5/kerberos.8
Normal file
73
lib/krb5/kerberos.8
Normal file
@@ -0,0 +1,73 @@
|
|||||||
|
.\" $Id$
|
||||||
|
.\"
|
||||||
|
.Dd September 1, 2000
|
||||||
|
.Dt KERBEROS 8
|
||||||
|
.Os HEIMDAL
|
||||||
|
.Sh NAME
|
||||||
|
.Nm kerberos
|
||||||
|
.Nd introduction to the Kerberos system
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
Kerberos is a network authentication system. It's purpose is to
|
||||||
|
securely authenticate users and services in an insecure network
|
||||||
|
environment.
|
||||||
|
.Pp
|
||||||
|
This is done with a Kerberos server acting as a trusted third party,
|
||||||
|
keeping a database with secret keys for all users and services
|
||||||
|
(collectively called
|
||||||
|
.Em principals ) .
|
||||||
|
.Pp
|
||||||
|
Each principal belongs to exactly one
|
||||||
|
.Em realm ,
|
||||||
|
which is the administrative domain in Kerberos. A realm usually
|
||||||
|
corresponds to an organisation, and the realm should normally be
|
||||||
|
derived from that organisation's domain name. A realm is served by one
|
||||||
|
or more Kerberos servers.
|
||||||
|
.Pp
|
||||||
|
The authentication process involves exchange of
|
||||||
|
.Sq tickets
|
||||||
|
and
|
||||||
|
.Sq authenticators
|
||||||
|
which together prove the principal's identity.
|
||||||
|
.Pp
|
||||||
|
When you login to the Kerberos system, either through the normal
|
||||||
|
system login or with the
|
||||||
|
.Xr kinit 1
|
||||||
|
program, you acquire a
|
||||||
|
.Em ticket granting ticket
|
||||||
|
which allows you to get new tickets for other services, such as
|
||||||
|
.Ic telnet
|
||||||
|
or
|
||||||
|
.Ic ftp ,
|
||||||
|
without giving your password.
|
||||||
|
.Pp
|
||||||
|
For more information on how Kerberos works, and other general Kerberos
|
||||||
|
questions see the Kerberos FAQ at
|
||||||
|
.Ad http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
|
||||||
|
|
||||||
|
For setup instructions see the Heimdal Texinfo manual.
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr ftp 1
|
||||||
|
.Xr kdestroy 1 ,
|
||||||
|
.Xr kinit 1 ,
|
||||||
|
.Xr klist 1 ,
|
||||||
|
.Xr kpasswd 1 ,
|
||||||
|
.Xr telnet 1
|
||||||
|
.Sh HISTORY
|
||||||
|
The Kerberos authentication system was developed in the late 1980's as
|
||||||
|
part of the Athena Project at the Massachusetts Institute of
|
||||||
|
Technology. Versions one through three never reached outside MIT, but
|
||||||
|
version 4 was (and still is) quite popular, especially in the academic
|
||||||
|
community, but is also used in commercial products like the AFS
|
||||||
|
filesystem.
|
||||||
|
.Pp
|
||||||
|
The problems with version 4 are that it has many limitations, the code
|
||||||
|
was not too well written (since it had been developed over a long
|
||||||
|
time), and it has a number of known security problems. To resolve many
|
||||||
|
of these issues work on version five started, and resulted in IETF
|
||||||
|
RFC1510 in 1993. Since then much work has been put into the further
|
||||||
|
development, and a new RFC will hopefully appear soon.
|
||||||
|
.Pp
|
||||||
|
This manual manual page is part of the
|
||||||
|
.Nm Heimdal
|
||||||
|
Kerberos 5 distribution, which has been in development at the Royal
|
||||||
|
Institute of Technology in Stockholm, Sweden, since about 1997.
|
||||||
Reference in New Issue
Block a user