IBM AIX HACMP SG24-5131-00 Hardware User Manual page 206

Certification study guide

Kerberos
Also spelled Cerberus - The watchdog of Hades, whose duty was to guard
the entrance (against whom or what does not clearly appear); it is known to
have had three heads.
- Ambrose Bierce, The Enlarged Devil's Dictionary
The following is a shortened description of how Kerberos works. The
redbook Inside the RS/6000 SP, SG24-5145, covers the subject in much
more detail.
When dealing with authentication and Kerberos, three entities are involved:
the client, who is requesting service; the server, the second entity, from
which the service is requested; and the Key Distribution Center or Kerberos
server, which is a machine that manages the database where all the
authentication data is kept and maintained.
Kerberos is a third-party system used to authenticate users or services that
are known to Kerberos as principals. The very first action to take regarding
Kerberos and principals is to register the principals with Kerberos. When
this is done, Kerberos asks for a principal's password, which is converted to
a 56-bit principal (user or service) key using the DES (Data Encryption
Standard) algorithm. This key is stored in the Kerberos server database.
When a client needs the services of a server, the client must prove its identity
to the server so that the server knows to whom it is talking.
Tickets are the means the Kerberos server gives to clients to authenticate
themselves to the service providers and get work done on their behalf on the
service servers. Tickets have a finite life, known as the ticket life span.
In Kerberos terms, making a Kerberos-authenticated service provider work
on behalf of a client is a three-step process:
• Get a ticket-granting ticket.
• Get a service ticket.
• Get the work done on the service provider.
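The three steps above, modelled end to end as an added example (not code from the redbook or from any Kerberos implementation). It assumes SHA-256 and a toy encrypt-then-MAC construction in place of DES, leaves out session keys and authenticators, and uses hypothetical names throughout (`KerberosServer`, `seal`, `unseal`, `service_accepts`).

```python
import hashlib, hmac, json, os

def derive_key(password):  # stand-in for DES string-to-key (assumption: SHA-256)
    return hashlib.sha256(password.encode()).digest()

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):  # toy encrypt-then-MAC in place of DES, standard library only
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def check_life(ticket, now):
    if now > ticket["expires"]:
        raise ValueError("ticket life span exceeded")
    return ticket

class KerberosServer:
    def __init__(self):
        self.db = {}                   # principal -> key (the Kerberos database)
        self.tgs_key = os.urandom(32)  # known only to the ticket-granting service

    def register(self, principal, password):
        self.db[principal] = derive_key(password)

    def ticket_granting_ticket(self, client, now, life=3600):
        # Step 1: reply is sealed under the client's key; no password on the network.
        tgt = seal(self.tgs_key, {"client": client, "expires": now + life})
        return seal(self.db[client], {"tgt": tgt})

    def service_ticket(self, tgt, service, now, life=600):
        # Step 2: the ticket-granting ticket is presented instead of the password.
        t = check_life(unseal(self.tgs_key, tgt), now)
        return seal(self.db[service], {"client": t["client"], "expires": now + life})

def service_accepts(service_key, ticket, now):
    # Step 3: the service provider opens the ticket with its own key.
    return check_life(unseal(service_key, ticket), now)["client"]
```

The client uses its password-derived key only to open the step 1 reply; every later request carries a ticket, and each ticket is refused once `now` passes its life span.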
The main role of the ticket-granting ticket service is to avoid unnecessary
password traffic over the network, so the user should have to issue his
password only once per session. The ticket-granting ticket service gives
the client systems a ticket that has a certain time span, whose purpose is to
IBM Certification Study Guide AIX HACMP