The basic currency of Kerberos is the ticket,
which the user presents to use a specific service. Each service,
be it a login service or an FTP service, requires a different kind
of ticket. The applications on the Kerberos server keep track of
all the various kinds of tickets.
When you first log on to Kerberos each day, you enter your
Kerberos password. In return, the Kerberos server gives you an initial
ticket, which you use to request additional tickets from
the Kerberos server for all the other services. For this reason,
the initial ticket is also called the ticket-granting
ticket, or TGT.
Use the Kerberos protocol to secure the communication between
the client and server. Thus, client programs make authentication
requests to an authentication server, and server programs in turn
service those client requests. Based on your user credentials, the
server program grants or denies your request to access network applications
and services. The Kerberos server allows entities to authenticate
themselves, without having to transmit their passwords in clear
text form over the network.
For more information on the basics of Kerberos, see Installing, Configuring
and Administering the Kerberos Server on HP-UX 11i (T1417-0001),
available at http://www.docs.hp.com/hpux/internet/index.html#Kerberos.
Printable version
