Glossary

Authentication Service -- A service on a KDC that verifies principals and issues tickets for their services.

Key Distribution Center -- A system that maintains the database of principals in the Kerberos realm. It returns tickets for use between authenticated principals based on requests from one principal. Generally a KDC runs two Kerberos services: the Authentication service and the Ticket Granting Service.

principal -- An entity within the Kerberos system. Principals are identified by a three-part name such as primary/instance@REALM. Principals can be people (in which case no instance is specified), or Kerberized services defined by the primary and located on an instance in a REALM.

realm -- A network of Kerberos principals maintained in a single database. A realm is identified by an uppercase name matching a DNS zone.

Ticket -- A data record containing the name of principal A requesting access from principal B, encrypted in principal B's secret key.

Ticket Granting Service -- A service on a KDC that issues session keys for use by other principals.

Ticket Granting Ticket -- A ticket to a TGS that allows a principal to request access to other services in the Kerberos realm.