kerberos man page on 4.4BSD

Man page or keyword search:  
man Server   1065 pages
apropos Keyword Search (all sections)
Output format
4.4BSD logo
[printable version]

KERBEROS(1)							   KERBEROS(1)

       kerberos - introduction to the Kerberos system

       The  Kerberos  system authenticates individual users in a network envi‐
       ronment.	 After authenticating yourself to Kerberos, you can  use  net‐
       work  utilities	such as rlogin, rcp, and rsh without having to present
       passwords to remote hosts and without having  to	 bother	 with  .rhosts
       files.	Note  that these utilities will work without passwords only if
       the remote machines you deal with support  the  Kerberos	 system.   All
       Athena timesharing machines and public workstations support Kerberos.

       Before  you  can use Kerberos, you must register as an Athena user, and
       you must make sure you have been added to the Kerberos  database.   You
       can  use	 the kinit command to find out.	 This command tries to log you
       into the Kerberos system.  kinit will prompt you	 for  a	 username  and
       password.   Enter  your username and password.  If the utility lets you
       login without giving you a message, you have already been registered.

       If you enter your username and kinit responds with this message:

       Principal unknown (kerberos)

       you haven't been registered as a Kerberos user.	See your system admin‐

       A Kerberos name contains three parts.  The first is the principal name,
       which is usually a  user's  or  service's  name.	  The  second  is  the
       instance,  which in the case of a user is usually null.	Some users may
       have privileged instances, however, such as ``root'' or ``admin''.   In
       the case of a service, the instance is the name of the machine on which
       it runs; i.e. there can be an rlogin service  running  on  the  machine
       ABC,  which is different from the rlogin service running on the machine
       XYZ.  The third part of a Kerberos name is the realm.  The realm corre‐
       sponds to the Kerberos service providing authentication for the princi‐
       pal.  For example, at MIT there is a Kerberos running at the Laboratory
       for Computer Science and one running at Project Athena.

       When  writing a Kerberos name, the principal name is separated from the
       instance (if not null) by a period, and the realm  (if  not  the	 local
       realm)  follows, preceded by an ``@'' sign.  The following are examples
       of valid Kerberos names:


       When you authenticate yourself with Kerberos, through either the	 work‐
       station toehold system or the kinit command, Kerberos gives you an ini‐
       tial Kerberos ticket.  (A Kerberos ticket is an encrypted protocol mes‐
       sage that provides authentication.)  Kerberos uses this ticket for net‐
       work utilities such as rlogin and rcp.	The  ticket  transactions  are
       done transparently, so you don't have to worry about their management.

       Note,  however,	that tickets expire.  Privileged tickets, such as root
       instance tickets, expire in a few minutes,  while  tickets  that	 carry
       more  ordinary  privileges  may	be  good  for  several hours or a day,
       depending on the installation's policy.	If your login session  extends
       beyond  the  time  limit,  you will have to re-authenticate yourself to
       Kerberos to get new tickets.  Use the kinit command to  re-authenticate

       If you use the kinit command to get your tickets, make sure you use the
       kdestroy command to destroy your tickets before you end your login ses‐
       sion.   You  should  probably  put the kdestroy command in your .logout
       file so that your tickets will  be  destroyed  automatically  when  you
       logout.	 For  more  information about the kinit and kdestroy commands,
       see the kinit(1) and kdestroy(1) manual pages.

       Currently, Kerberos supports the following  network  services:  rlogin,
       rsh, and rcp.  Other services are being worked on, such as the pop mail
       system and NFS (network file system), but are not yet available.

       kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),

       Kerberos will not do authentication forwarding.	In other words, if you
       use rlogin to login to a remote host, you cannot use Kerberos  services
       from that host until you authenticate yourself explicitly on that host.
       Although you may need to authenticate yourself on the remote  host,  be
       aware  that  when you do so, rlogin sends your password across the net‐
       work in clear text.

       Steve Miller, MIT Project Athena/Digital Equipment Corporation
       Clifford Neuman, MIT Project Athena

       The following people helped out on various aspects of the system:

       Jeff Schiller designed and wrote the administration server and its user
       interface,  kadmin.  He also wrote the dbm version of the database man‐
       agement system.

       Mark Colan developed the Kerberos versions of rlogin, rsh, and rcp,  as
       well as contributing work on the servers.

       John Ostlund developed the Kerberos versions of passwd and userreg.

       Stan  Zanarotti	pioneered  Kerberos in a foreign realm (LCS), and made
       many contributions based on that experience.

       Many people contributed code and/or useful ideas, including Jim Aspnes,
       Bob  Baldwin,  John  Barba,  Richard Basch, Jim Bloom, Bill Bryant, Rob
       French, Dan Geer, David Jedlinsky, John	Kohl,  John  Kubiatowicz,  Bob
       McKie,  Brian  Murphy,  Ken  Raeburn,  Chris  Reed,  Jon	 Rochlis, Mike
       Shanzer, Bill Sommerfeld, Jennifer Steiner, Ted Ts'o, and Win Treese.

       COPYRIGHT 1985,1986 Massachusetts Institute of Technology

MIT Project Athena	     Kerberos Version 4.0		   KERBEROS(1)

List of man pages available for 4.4BSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net