Interoperability With Windows 2000
Understanding the Terminology
Understanding the Terminology
Both HP’s Kerberos Server and Microsoft provide Kerberos security for your network. While the technology is the same - the terminology varies.
Kerberos authentication depends upon establishing trust between users and services via a trusted third party called a Key Distribution Center (KDC). HP provides a KDC on the security server, while Windows 2000 provides a KDC on the domain controller.
Each KDC stores information about trusted users and services in a central database, the principal database in HP’s terms; the domain’s Active Directory in Microsoft terms. Each database contains a collection of users. In HP’s terms, the database contains a collection called a realm and each entry is a principal. In Microsoft terms, the database contains a collection called a domain and each entry is an account.
The most important information associated with any principal in the Kerberos model is its unique symmetric key, that is, the key used to encrypt and decrypt information on behalf of the principal. HP uses the term secret key; Microsoft uses the terms
During logon, if the KDC can successfully authenticate the user, it responds with a special message called a
The client system stores the ticket in memory. In HP’s terminology, the client system stores the ticket in the credentials cache and uses it to request service tickets to authenticate to applications or services on the network. In Microsoft terminology, the client system stores the ticket in the secure cache and uses it to request session tickets to authenticate to applications or services.
52 | Chapter 4 |
