Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
KERBEROS(8)		    System Manager's Manual		   KERBEROS(8)

NAME
       kerberos	-- introduction	to the Kerberos	system

DESCRIPTION
       Kerberos	is a network authentication system. Its	purpose	is to securely
       authenticate users and services in an insecure network environment.

       This  is	 done  with a Kerberos server acting as	a trusted third	party,
       keeping a database with secret keys for all users and services (collec-
       tively called principals).

       Each principal belongs to exactly one realm, which is  the  administra-
       tive  domain  in	 Kerberos. A realm usually corresponds to an organisa-
       tion, and the realm should normally be derived from that	organisation's
       domain name. A realm is served by one or	more Kerberos servers.

       The  authentication  process  involves  exchange	  of   `tickets'   and
       `authenticators'	which together prove the principal's identity.

       When you	login to the Kerberos system, either through the normal	system
       login  or  with	the  kinit(1)  program,	 you acquire a ticket granting
       ticket which allows you to get new tickets for other services, such  as
       telnet or ftp, without giving your password.

       For  more information on	how Kerberos works, and	other general Kerberos
       questions	see	   the	       Kerberos		FAQ	    at
       http://www.cmf.nrl.navy.mil/krb/kerberos-faq.html.

       For setup instructions see the Heimdal Texinfo manual.

SEE ALSO
       ftp(1),	 kdestroy(1),	kinit(1),   klist(1),  kpasswd(1),  telnet(1),
       krb5(3),	krb5.conf(5), kadmin(1), kdc(8), ktutil(1)

HISTORY
       The Kerberos authentication system was developed	in the late 1980's  as
       part  of	 the Athena Project at the Massachusetts Institute of Technol-
       ogy. Versions one through three never reached outside MIT, but  version
       4  was  (and still is) quite popular, especially	in the academic	commu-
       nity, but is also used in commercial products like the AFS filesystem.

       The problems with version 4 are that it has many	limitations, the  code
       was  not	 too  well  written  (since  it	had been developed over	a long
       time), and it has a number of known security problems. To resolve  many
       of  these issues	work on	version	five started, and resulted in IETF RFC
       1510 in 1993. IETF RFC 1510 was obsoleted in 2005 with IETF  RFC	 4120,
       also  known  as	Kerberos  clarifications. With the arrival of IETF RFC
       4120, the work on adding	extensibility  and  internationalization  have
       started	(Kerberos  extensions),	 and  a	 new RFC will hopefully	appear
       soon.

       This manual page	is part	of the Heimdal Kerberos	5 distribution,	 which
       has  been in development	at the Royal Institute of Technology in	Stock-
       holm, Sweden, since about 1997.

HEIMDAL				 Jun 27, 2013			   KERBEROS(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kerberos&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help