Interoperability with Windows 2000

Understanding the Terminology

systems and the Microsoft implementation uses a DNS lookup to resolve host names. But both implementations are written to RFC 1510 (The Kerberos Network Authentication Service (V5)) and RFC 1964 (The Kerberos Version 5 GSS-API Mechanism), and hence they can interoperate.

Table 4-1 summarizes analogous terminology in the Kerberos server and Windows 2000 Kerberos implementations.

Table 4-1

Table of Analogous Terms

 

 

 

 

 

Kerberos Server

Windows 2000

 

 

 

 

Realm

Domain

 

 

 

 

Interrealm

Interdomain

 

 

Crossdomain

 

 

Crossrealm

 

 

 

 

Secret key

Longterm key

 

 

Shared principal key

 

 

 

 

Credentials cache

Secure cache

 

 

 

 

Principal database

Active directory

 

 

 

 

Service ticket

Session ticket

 

 

 

 

Security server

Domain controller

 

 

 

 

Principal names

Account names

 

 

 

54

Chapter 4

Page 54
Image 54
HP UX Kerberos Data Security Software manual Table of Analogous Terms Kerberos Server Windows