Glossary
Following is a list of terms used throughout this document:
Name | Definition |
Authentication | Verification of the claimed identity of a principal. |
Authenticator | A record containing information that can be shown to have |
| been recently generated using the session key known only by |
| the client and server. |
Authorization | The process of determining whether a client can use a |
| service, which objects the client is allowed to access, and the |
| type of access allowed for each. |
Client | A process that makes use of a network service on behalf of a |
| user. Note that in some cases, a server can itself be a client |
| of some other server (e.g., a print server can be a client of a |
| file server). |
Credentials | A TGT plus the session key sent by the AS in response to an |
| authentication request. This is stored in the user’s credential |
| cache, thus eliminating the need to |
| times during a session. |
KDC | Key Distribution Center, a network service that supplies |
| tickets and temporary session keys; or an instance of that |
| service or the host on which it runs. The KDC services both |
| initial ticket and |
| ticket portion is sometimes referred to as the Authentication |
| Server (or service). The |
| sometimes referred to as the |
| service). |
Kerberos | A network authentication protocol. It is designed to provide |
| strong authentication for client/server applications by using |
| |
| protocol is available from the Massachusetts Institute of |
| Technology. |
LDAP | Lightweight Directory Access Protocol (LDAP), an Internet |
| protocol that email programs use to look up contact |
| information from a server. LDAP was designed at the |
| University of Michigan to adapt a complex enterprise |
| directory system (called X.500) to the modern Internet. X.500 |
| is too complex to support on desktops and over the Internet, |
| so LDAP was created to provide this service. LDAP has |
| broader applications, such as looking up services and |
| devices on the Internet and intranets. |
