Overview

Authentication Process

To help you understand the configuration and administration issues, this section describes the authentication process. Configuring and administering your Kerberos Server is discussed in detail in the subsequent chapters of this manual.

Before the Kerberos Server grants tickets to a user principal to access secured network services, a user must sign on to the Server by providing knowledge of secret information, such as a user name and password.

Once the server authenticates the user, it returns a set of initial credentials for the user, consisting of a ticket-granting ticket (TGT) and a session key.

A service ticket is granted for a specific service principal, which can be associated with one or more Kerberos-secured services on the same system. The service ticket is used by a client application on behalf of the user, to authenticate the user to the Kerberos-secured network service. The secured client application automatically handles the transactions with the Server and the secured application server. Service tickets and associated session keys are generally cached in the user’s credentials cache along with the user’s TGT.
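The flow described above (sign-on, TGT plus session key, service ticket, credentials cache) can be traced end to end in the following added example, which is not code from this manual or from the Kerberos Server product. It assumes a toy cipher in place of a real Kerberos encryption type, PBKDF2 in place of the real string-to-key function, constructed principal names and passwords, and hypothetical function names; timestamps, ticket lifetimes and replay checks are omitted.

```python
import hashlib, hmac, json, os

def str2key(password, principal):   # PBKDF2 stands in for a Kerberos string-to-key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _xor(key, nonce, data):
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):                 # toy authenticated encryption, NOT a real enctype
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

class KDC:
    def __init__(self, principals):          # name -> password (constructed sample data)
        self.keys = {p: str2key(pw, p) for p, pw in principals.items()}
        self.tgs_key = os.urandom(32)         # known only to the KDC; protects TGTs

    def sign_on(self, user, proof):
        unseal(self.keys[user], proof)        # raises unless proof was made with the user's key
        sk = os.urandom(32).hex()             # initial credentials: TGT + session key
        return seal(self.tgs_key, {"client": user, "key": sk}), seal(self.keys[user], {"key": sk})

    def service_ticket(self, tgt, authenticator, service):
        t = unseal(self.tgs_key, tgt)
        sk = bytes.fromhex(t["key"])
        if unseal(sk, authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_sk = os.urandom(32).hex()         # ticket is readable only by the service principal
        return seal(self.keys[service], {"client": t["client"], "key": svc_sk}), seal(sk, {"key": svc_sk})

def client_login(kdc, user, password, service):
    ukey = str2key(password, user)
    tgt, reply = kdc.sign_on(user, seal(ukey, {"client": user}))
    sk = bytes.fromhex(unseal(ukey, reply)["key"])
    ticket, reply = kdc.service_ticket(tgt, seal(sk, {"client": user}), service)
    # The credentials cache holds the TGT and the service ticket with their session keys.
    return {"krbtgt": (tgt, sk), service: (ticket, bytes.fromhex(unseal(sk, reply)["key"]))}

def service_accept(service_key, ticket, authenticator):
    t = unseal(service_key, ticket)           # only the service's own key opens the ticket
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    return t["client"] if a["client"] == t["client"] else None
```

The password itself never crosses the wire: the client proves knowledge of it by producing a message under the derived key, and the service learns the user's identity only from a ticket sealed under its own key.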

HP UX Kerberos Data Security Software manual Authentication Process