.\" $NetBSD: kerberos.8,v 1.1.1.3 2014/04/24 12:45:50 pettai Exp $
.\"
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Id
.\"
.Dd September 1, 2000
.Dt KERBEROS 8
.Os
.Sh NAME
.Nm kerberos
.Nd introduction to the Kerberos system
.Sh DESCRIPTION
Kerberos is a network authentication system. Its purpose is to
securely authenticate users and services in an insecure network
environment.
.Pp
This is done with a Kerberos server acting as a trusted third party,
keeping a database with secret keys for all users and services
(collectively called
.Em principals ) .
.Pp
Each principal belongs to exactly one
.Em realm ,
which is the administrative domain in Kerberos. A realm usually
corresponds to an organisation, and the realm should normally be
derived from that organisation's domain name. A realm is served by one
or more Kerberos servers.
.Pp
The authentication process involves exchange of
.Sq tickets
and
.Sq authenticators
which together prove the principal's identity.
.Pp
When you log in to the Kerberos system, either through the normal
system login or with the
.Xr kinit 1
program, you acquire a
.Em ticket granting ticket
which allows you to get new tickets for other services, such as
.Ic telnet
or
.Ic ftp ,
without giving your password.
.Pp
For more information on how Kerberos works, and other general Kerberos
questions, see the Kerberos FAQ at
.Pa http://www.cmf.nrl.navy.mil/krb/kerberos-faq.html .
.Pp
For setup instructions, see the Heimdal Texinfo manual.
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr kdestroy 1 ,
.Xr kinit 1 ,
.Xr klist 1 ,
.Xr kpasswd 1 ,
.Xr telnet 1
.Sh HISTORY
The Kerberos authentication system was developed in the late 1980's as
part of the Athena Project at the Massachusetts Institute of
Technology. Versions one through three never reached outside MIT, but
version 4 was (and still is) quite popular, especially in the academic
community, and is also used in commercial products like the AFS
filesystem.
.Pp
The problems with version 4 are that it has many limitations, the code
was not too well written (since it had been developed over a long
time), and it has a number of known security problems. To resolve many
of these issues, work on version five started, and resulted in IETF RFC
1510 in 1993. IETF RFC 1510 was obsoleted in 2005 by IETF RFC 4120,
also known as Kerberos clarifications. With the arrival of IETF RFC
4120, the work on adding extensibility and internationalization has
started (Kerberos extensions), and a new RFC will hopefully appear
soon.
.Pp
This manual page is part of the
.Nm Heimdal
Kerberos 5 distribution, which has been in development at the Royal
Institute of Technology in Stockholm, Sweden, since about 1997.
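The ticket granting ticket flow from the DESCRIPTION section, as an added example that is not part of the Heimdal manual page or its code: a simplified model showing that the password-derived key is used once at login and that later service tickets are obtained with the ticket granting ticket alone. The realm, principals, function names and the toy cipher are assumptions made for illustration; ticket lifetimes and authenticator timestamps are omitted.

```python
import hashlib, hmac, json, os

REALM = "EXAMPLE.ORG"            # constructed realm and principals throughout
TGS = f"krbtgt/{REALM}@{REALM}"  # the ticket-granting service principal
def _xor(key, nonce, data):      # SHA-256 counter keystream (toy, not a Kerberos enctype)
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, obj):              # encrypt-then-MAC so a wrong key is detected
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor(key, nonce, ct))

def password_key(principal, password):   # long-term key of a user principal
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 1000)

def _same_client(ticket, authenticator):  # authenticator must open with the ticket's session key
    if unseal(bytes.fromhex(ticket["key"]), authenticator)["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    return ticket["client"]

class KDC:
    def __init__(self, keys):             # keys: principal -> long-term secret key
        self.keys = keys
    def _issue(self, client, service, reply_key):
        session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": client, "key": session})
        return ticket, seal(reply_key, {"service": service, "key": session})
    def login(self, client):              # reply is readable only with the user's key
        return self._issue(client, TGS, self.keys[client])
    def get_ticket(self, tgt, authenticator, service):   # no password involved
        t = unseal(self.keys[TGS], tgt)
        return self._issue(_same_client(t, authenticator), service, bytes.fromhex(t["key"]))

def service_accept(service_key, ticket, authenticator):  # service never contacts the KDC
    return _same_client(unseal(service_key, ticket), authenticator)

def demo(password="correct horse"):
    user, svc = f"alice@{REALM}", f"host/shell.example.org@{REALM}"
    kdc = KDC({user: password_key(user, "correct horse"), svc: os.urandom(32), TGS: os.urandom(32)})
    tgt, reply = kdc.login(user)
    tgt_key = bytes.fromhex(unseal(password_key(user, password), reply)["key"])  # only password use
    ticket, reply = kdc.get_ticket(tgt, seal(tgt_key, {"client": user}), svc)
    svc_key = bytes.fromhex(unseal(tgt_key, reply)["key"])
    return service_accept(kdc.keys[svc], ticket, seal(svc_key, {"client": user}))
```

Calling demo() returns the authenticated client principal, while demo("wrong password") raises ValueError at the login step because the reply cannot be opened.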