105 lines
4.1 KiB
Groff
105 lines
4.1 KiB
Groff
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
|
|
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" 3. Neither the name of the Institute nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id: kerberos.8,v 1.6 2003/03/10 02:19:23 lha Exp $
|
|
.\"
|
|
.Dd September 1, 2000
|
|
.Dt KERBEROS 8
|
|
.Os HEIMDAL
|
|
.Sh NAME
|
|
.Nm kerberos
|
|
.Nd introduction to the Kerberos system
|
|
.Sh DESCRIPTION
|
|
Kerberos is a network authentication system. Its purpose is to
|
|
securely authenticate users and services in an insecure network
|
|
environment.
|
|
.Pp
|
|
This is done with a Kerberos server acting as a trusted third party,
|
|
keeping a database with secret keys for all users and services
|
|
(collectively called
|
|
.Em principals ) .
|
|
.Pp
|
|
Each principal belongs to exactly one
|
|
.Em realm ,
|
|
which is the administrative domain in Kerberos. A realm usually
|
|
corresponds to an organisation, and the realm should normally be
|
|
derived from that organisation's domain name. A realm is served by one
|
|
or more Kerberos servers.
|
|
.Pp
|
|
The authentication process involves exchange of
|
|
.Sq tickets
|
|
and
|
|
.Sq authenticators
|
|
which together prove the principal's identity.
|
|
.Pp
|
|
When you login to the Kerberos system, either through the normal
|
|
system login or with the
|
|
.Xr kinit 1
|
|
program, you acquire a
|
|
.Em ticket granting ticket
|
|
which allows you to get new tickets for other services, such as
|
|
.Ic telnet
|
|
or
|
|
.Ic ftp ,
|
|
without giving your password.
|
|
.Pp
|
|
For more information on how Kerberos works, and other general Kerberos
|
|
questions see the Kerberos FAQ at
|
|
.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
|
|
.Pp
|
|
For setup instructions see the Heimdal Texinfo manual.
|
|
.Sh SEE ALSO
|
|
.Xr ftp 1 ,
|
|
.Xr kdestroy 1 ,
|
|
.Xr kinit 1 ,
|
|
.Xr klist 1 ,
|
|
.Xr kpasswd 1 ,
|
|
.Xr telnet 1
|
|
.Sh HISTORY
|
|
The Kerberos authentication system was developed in the late 1980's as
|
|
part of the Athena Project at the Massachusetts Institute of
|
|
Technology. Versions one through three never reached outside MIT, but
|
|
version 4 was (and still is) quite popular, especially in the academic
|
|
community, but is also used in commercial products like the AFS
|
|
filesystem.
|
|
.Pp
|
|
The problems with version 4 are that it has many limitations, the code
|
|
was not too well written (since it had been developed over a long
|
|
time), and it has a number of known security problems. To resolve many
|
|
of these issues work on version five started, and resulted in IETF
|
|
RFC1510 in 1993. Since then much work has been put into the further
|
|
development, and a new RFC will hopefully appear soon.
|
|
.Pp
|
|
This manual manual page is part of the
|
|
.Nm Heimdal
|
|
Kerberos 5 distribution, which has been in development at the Royal
|
|
Institute of Technology in Stockholm, Sweden, since about 1997.
|