add a, somewhat terse, kerberos overview manpage
This commit is contained in:
joda
parent
0acd5e96a9
commit
5ab344e414
73
crypto/dist/heimdal/lib/krb5/kerberos.8
vendored
Normal file
73
crypto/dist/heimdal/lib/krb5/kerberos.8
vendored
Normal file
@ -0,0 +1,73 @@
|
||||
.\" $Heimdal: kerberos.8,v 1.1 2000/09/01 15:52:24 joda Exp $
|
||||
.\" $NetBSD: kerberos.8,v 1.1 2000/09/10 19:34:49 joda Exp $
|
||||
.Dd September 1, 2000
|
||||
.Dt KERBEROS 7
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
.Nm kerberos
|
||||
.Nd introduction to the Kerberos system
|
||||
.Sh DESCRIPTION
|
||||
Kerberos is a network authentication system. It's purpose is to
|
||||
securely authenticate users and services in an insecure network
|
||||
environment.
|
||||
.Pp
|
||||
This is done with a Kerberos server acting as a trusted third party,
|
||||
keeping a database with secret keys for all users and services
|
||||
(collectively called
|
||||
.Em principals ) .
|
||||
.Pp
|
||||
Each principal belongs to exactly one
|
||||
.Em realm ,
|
||||
which is the administrative domain in Kerberos. A realm usually
|
||||
corresponds to an organisation, and the realm should normally be
|
||||
derived from that organisation's domain name. A realm is served by one
|
||||
or more Kerberos servers.
|
||||
.Pp
|
||||
The authentication process involves exchange of
|
||||
.Sq tickets
|
||||
and
|
||||
.Sq authenticators
|
||||
which together prove the principal's identity.
|
||||
.Pp
|
||||
When you login to the Kerberos system, either through the normal
|
||||
system login or with the
|
||||
.Xr kinit 1
|
||||
program, you acquire a
|
||||
.Em ticket granting ticket
|
||||
which allows you to get new tickets for other services, such as
|
||||
.Ic telnet
|
||||
or
|
||||
.Ic ftp ,
|
||||
without giving your password.
|
||||
.Pp
|
||||
For more information on how Kerberos works, and other general Kerberos
|
||||
questions see the Kerberos FAQ at
|
||||
.Ad http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
|
||||
|
||||
For setup instructions see the Heimdal Texinfo manual.
|
||||
.Sh SEE ALSO
|
||||
.Xr ftp 1
|
||||
.Xr kdestroy 1 ,
|
||||
.Xr kinit 1 ,
|
||||
.Xr klist 1 ,
|
||||
.Xr kpasswd 1 ,
|
||||
.Xr telnet 1
|
||||
.Sh HISTORY
|
||||
The Kerberos authentication system was developed in the late 1980's as
|
||||
part of the Athena Project at the Massachusetts Institute of
|
||||
Technology. Versions one through three never reached outside MIT, but
|
||||
version 4 was (and still is) quite popular, especially in the academic
|
||||
community, but is also used in commercial products like the AFS
|
||||
filesystem.
|
||||
.Pp
|
||||
The problems with version 4 are that it has many limitations, the code
|
||||
was not too well written (since it had been developed over a long
|
||||
time), and it has a number of known security problems. To resolve many
|
||||
of these issues work on version five started, and resulted in IETF
|
||||
RFC1510 in 1993. Since then much work has been put into the further
|
||||
development, and a new RFC will hopefully appear soon.
|
||||
.Pp
|
||||
This manual manual page is part of the
|
||||
.Nm Heimdal
|
||||
Kerberos 5 distribution, which has been in development at the Royal
|
||||
Institute of Technology in Stockholm, Sweden, since around 1997.
|
||||
Loading…
Reference in New Issue
Block a user