kerberos man page on Mandriva

Man page or keyword search:  
man Server   17060 pages
apropos Keyword Search (all sections)
Output format
Mandriva logo
[printable version]

KERBEROS(1)							   KERBEROS(1)

NAME
       kerberos - introduction to the Kerberos system

DESCRIPTION
       The  Kerberos  system authenticates individual users in a network envi‐
       ronment.	 After authenticating yourself to Kerberos, you can  use  net‐
       work  utilities	such as rlogin, rcp, and rsh without having to present
       passwords to remote hosts and without having  to	 bother	 with  .rhosts
       files.	Note  that these utilities will work without passwords only if
       the remote machines you deal with support the Kerberos system.

       If you enter your username and kinit responds with this message:

       kinit(v5): Client not found in Kerberos database while getting  initial
       credentials

       you haven't been registered as a Kerberos user.	See your system admin‐
       istrator.

       A Kerberos name usually contains three parts.  The first	 is  the  pri‐
       mary,  which  is usually a user's or service's name.  The second is the
       instance, which in the case of a user is usually null.  Some users  may
       have  privileged instances, however, such as ``root'' or ``admin''.  In
       the case of a service, the instance is the fully qualified name of  the
       machine	on  which it runs; i.e. there can be an rlogin service running
       on the machine ABC, which is different from the rlogin service  running
       on  the	machine	 XYZ.  The third part of a Kerberos name is the realm.
       The realm corresponds to the Kerberos service providing	authentication
       for the principal.

       When  writing a Kerberos name, the principal name is separated from the
       instance (if not null) by a slash, and the  realm  (if  not  the	 local
       realm)  follows, preceded by an ``@'' sign.  The following are examples
       of valid Kerberos names:

	       david
	       jennifer/admin
	       joeuser@BLEEP.COM
	       cbrown/root@FUBAR.ORG

       When you authenticate yourself with Kerberos you get  an	 initial  Ker‐
       beros ticket.  (A Kerberos ticket is an encrypted protocol message that
       provides authentication.)  Kerberos uses this ticket for network utili‐
       ties  such  as rlogin and rcp.  The ticket transactions are done trans‐
       parently, so you don't have to worry about their management.

       Note, however, that tickets expire.  Privileged tickets, such as	 those
       with the instance ``root'', expire in a few minutes, while tickets that
       carry more ordinary privileges may be good for several hours or a  day,
       depending  on the installation's policy.	 If your login session extends
       beyond the time limit, you will have  to	 re-authenticate  yourself  to
       Kerberos	 to get new tickets.  Use the kinit command to re-authenticate
       yourself.

       If you use the kinit command to get your tickets, make sure you use the
       kdestroy command to destroy your tickets before you end your login ses‐
       sion.  You should put the kdestroy command in your .logout file so that
       your tickets will be destroyed automatically when you logout.  For more
       information about the kinit and kdestroy commands, see the kinit(1) and
       kdestroy(1) manual pages.

       Kerberos	 tickets  can  be forwarded.  In order to forward tickets, you
       must request forwardable tickets when you kinit.	 Once  you  have  for‐
       wardable	 tickets, most Kerberos programs have a command line option to
       forward them to the remote host.

       Currently, Kerberos support is available for the following network ser‐
       vices:  rlogin,	rsh, rcp, telnet, ftp, krdist (a Kerberized version of
       rdist), ksu (a Kerberized version of su), login, and Xdm.

SEE ALSO
       kdestroy(1),  kinit(1),	klist(1),   kpasswd(1),	  rsh	(1),   rcp(1),
       rlogin(1),  telnet(1),  ftp(1),	krdist(1), ksu(1), sclient(1), xdm(1),
       des_crypt(3), hash(3), krb5strings(3), krb5.conf(5), kdc.conf(5),  kad‐
       min(8),	 kadmind(8),  kdb5_util(8),  telnetd(8),  ftpd(8),  rdistd(8),
       sserver(8), klogind(8c), kshd(8c), login(8c)

BUGS
AUTHORS
       Steve Miller, MIT Project Athena/Digital Equipment Corporation
       Clifford Neuman, MIT Project Athena

HISTORY
       Kerberos was developed at MIT.	OpenVision  rewrote  and  donated  the
       administration server, which is used in the current version of Kerberos
       5.

RESTRICTIONS
       Copyright 1985,1986,1989-1996,2002 Massachusetts Institute of  Technol‐
       ogy

								   KERBEROS(1)
[top]

List of man pages available for Mandriva

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net