.\" $Source: /mit/kerberos/src/man/RCS/kerberos.1,v $
.\" $Author: jtkohl $
.\" $Header: kerberos.1,v 4.7 89/01/23 11:39:33 jtkohl Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
.\" please see the file <mit-copyright.h>.
.\"
.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
kerberos \- introduction to the Kerberos system

.SH DESCRIPTION
The
Kerberos
system authenticates
individual users in a network environment.
After authenticating yourself to
Kerberos,
you can use network utilities such as
.IR rlogin ,
.IR rcp ,
and
.IR rsh
without
having to present passwords to remote hosts and without having to bother
with
.I \.rhosts
files.
Note that these utilities will work without passwords only if
the remote machines you deal with
support the
Kerberos
system.
All Athena timesharing machines and public workstations support
Kerberos.
.PP
Before you can use
Kerberos,
you must register as an Athena user,
and you must make sure you have been added to
the
Kerberos
database.
You can use the
.I kinit
command to find out.
This command
tries to log you into the
Kerberos
system.
.I kinit
will prompt you for a username and password.
Enter your username and password.
If the utility lets you login without giving you a message,
you have already been registered.
.PP
If you enter your username and
.I kinit
responds with this message:
.nf

Principal unknown (kerberos)

.fi
you haven't been registered as a
Kerberos
user.
See your system administrator.
.PP
A Kerberos name contains three parts.
The first is the
.I principal name,
which is usually a user's or service's name.
The second is the
.I instance,
which in the case of a user is usually null.
Some users may have privileged instances, however,
such as ``root'' or ``admin''.
In the case of a service, the instance is the
name of the machine on which it runs; i.e. there
can be an
.I rlogin
service running on the machine ABC, which
is different from the rlogin service running on
the machine XYZ.
The third part of a Kerberos name
is the
.I realm.
The realm corresponds to the Kerberos service providing
authentication for the principal.
For example, at MIT there is a Kerberos running at the
Laboratory for Computer Science and one running at
Project Athena.
.PP
When writing a Kerberos name, the principal name is
separated from the instance (if not null) by a period,
and the realm (if not the local realm) follows, preceded by
an ``@'' sign.
The following are examples of valid Kerberos names:
.sp
.nf
.in +8
billb
jis.admin
[email protected]
[email protected]
.in -8
.fi
.PP
When you authenticate yourself with
Kerberos,
through either the workstation
.I toehold
system or the
.I kinit
command,
Kerberos
gives you an initial
Kerberos
.IR ticket .
(A
Kerberos
ticket
is an encrypted protocol message that provides authentication.)
Kerberos
uses this ticket for network utilities
such as
.I rlogin
and
.IR rcp .
The ticket transactions are done transparently,
so you don't have to worry about their management.
.PP
Note, however, that tickets expire.
Privileged tickets, such as root instance tickets,
expire in a few minutes, while tickets that carry more ordinary
privileges may be good for several hours or a day, depending on the
installation's policy.
If your login session extends beyond the time limit,
you will have to re-authenticate yourself to
Kerberos
to get new tickets.
Use the
.IR kinit
command to re-authenticate yourself.
.PP
If you use the
.I kinit
command to get your tickets,
make sure you use the
.I kdestroy
command
to destroy your tickets before you end your login session.
You should probably put the
.I kdestroy
command in your
.I \.logout
file so that your tickets will be destroyed automatically when you logout.
For more information about the
.I kinit
and
.I kdestroy
commands,
see the
.I kinit(1)
and
.I kdestroy(1)
manual pages.
.PP
Currently,
Kerberos
supports the following network services:
.IR rlogin ,
.IR rsh ,
and
.IR rcp .
Other services are being worked on,
such as the
.IR pop
mail system and NFS (network file system),
but are not yet available.

.SH "SEE ALSO"
kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
kadmin(8)
.SH BUGS
Kerberos
will not do authentication forwarding.
In other words,
if you use
.I rlogin
to login to a remote host,
you cannot use
Kerberos
services from that host
until you authenticate yourself explicitly on that host.
Although you may need to authenticate yourself on the remote
host,
be aware that when you do so,
.I rlogin
sends your password across the network in clear text.

.SH AUTHORS
Steve Miller, MIT Project Athena/Digital Equipment Corporation
.br
Clifford Neuman, MIT Project Athena

The following people helped out on various aspects of the system:

Jeff Schiller designed and wrote the administration server and its
user interface, kadmin.
He also wrote the dbm version of the database management system.

Mark Colan developed the
Kerberos
versions of
.IR rlogin ,
.IR rsh ,
and
.IR rcp ,
as well as contributing work on the servers.

John Ostlund developed the
Kerberos
versions of
.I passwd
and
.IR userreg .

Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
and made many contributions based on that experience.

Many people contributed code and/or useful ideas, including
Jim Aspnes,
Bob Baldwin,
John Barba,
Richard Basch,
Jim Bloom,
Bill Bryant,
Rob French,
Dan Geer,
David Jedlinsky,
John Kohl,
John Kubiatowicz,
Bob McKie,
Brian Murphy,
Ken Raeburn,
Chris Reed,
Jon Rochlis,
Mike Shanzer,
Bill Sommerfeld,
Jennifer Steiner,
Ted Ts'o,
and
Win Treese.

.SH RESTRICTIONS

COPYRIGHT 1985,1986 Massachusetts Institute of Technology
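
The name syntax described in the DESCRIPTION section (principal, optional instance after a period, optional realm after an ``@'' sign), as an added example that is not part of the original manual page or the Kerberos sources. The realm names, the first-period split rule and the function names are assumptions made for this sketch.

```python
from typing import NamedTuple

LOCAL_REALM = "LOCAL.EXAMPLE"               # assumption: constructed realm name
PRIVILEGED_INSTANCES = {"root", "admin"}    # the two instances the page names


class KerberosName(NamedTuple):
    principal: str
    instance: str   # "" means the null instance
    realm: str


def parse_name(text, local_realm=LOCAL_REALM):
    """Split 'principal[.instance][@realm]' into its three parts."""
    if not text or any(ch.isspace() for ch in text):
        raise ValueError("empty name or embedded whitespace")
    name, at, realm = text.partition("@")
    if at and (not realm or "@" in realm):
        raise ValueError("exactly one non-empty realm may follow '@'")
    # Assumption: the first period ends the principal; realms may contain periods.
    principal, dot, instance = name.partition(".")
    if not principal:
        raise ValueError("principal name is missing")
    if dot and not instance:
        raise ValueError("period present but instance is empty")
    return KerberosName(principal, instance, realm if at else local_realm)


def format_name(name, local_realm=LOCAL_REALM):
    """Write a name as the page does: omit a null instance and the local realm."""
    text = name.principal
    if name.instance:
        text += "." + name.instance
    if name.realm != local_realm:
        text += "@" + name.realm
    return text


def is_privileged(name):
    """True for the instances the page calls privileged (short-lived tickets)."""
    return name.instance in PRIVILEGED_INSTANCES


if __name__ == "__main__":
    # Constructed sample names, modelled on the page's examples.
    for sample in ("billb", "jis.admin", "rlogin.ABC@OTHER.EXAMPLE"):
        parsed = parse_name(sample)
        print(sample, "->", parsed, "privileged" if is_privileged(parsed) else "ordinary")
```

Flagging privileged instances at parse time makes it easy to audit which names in a log or access list carry ``root'' or ``admin'' rights.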