Components

This lesson covers the various actors and entities that participate in the Kerberos protocol.

The Kerberos ecosystem consists of several components that together implement the authentication protocol over an insecure network. In this lesson, we’ll examine the various parts of the puzzle before we delve into their interactions with each other. The important Kerberos components are:

  • Realm
  • Principal
  • Key Distribution Center
  • Key
  • Ticket

We’ll discuss each one of them in turn.

Realm

A Kerberos realm can be thought of as a logical network or domain over which a Kerberos authentication server has the authority to authenticate a user, host, or service. A realm name is often the upper-case version of the name of the DNS domain over which it presides. The convention is to make the realm name equivalent to the DNS domain name, but this isn’t mandatory. In practice, however, nearly all Kerberos realms are named after the corresponding DNS domain. As an example, the realm for a Kerberos installation at Datajek would be DATAJEK.IO.
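
Because the naming convention is not mandatory, a client cannot always derive a host's realm by upper-casing its DNS domain; an explicit host-to-realm table has to take precedence over that guess. The following sketch is an added example, not part of the original lesson or of any Kerberos library: the table contents, the RESEARCH and OLD.DATAJEK.IO realms, and all function names are hypothetical, and the lookup is a simplified model of the domain-to-realm mapping a Kerberos client configuration can carry.

```python
# Added example: simplified host-to-realm resolution (not a real Kerberos library).
from typing import Optional

# Constructed mapping, in the spirit of a client's domain-to-realm table.
# Keys starting with "." cover every host under that DNS domain.
DOMAIN_REALM = {
    ".datajek.io": "DATAJEK.IO",             # follows the naming convention
    ".lab.datajek.io": "RESEARCH",           # hypothetical realm that ignores it
    "legacy.datajek.io": "OLD.DATAJEK.IO",   # hypothetical single-host override
}


def explicit_realm(host: str, table: dict) -> Optional[str]:
    """Return the realm an explicit entry assigns to host, or None."""
    name = host.lower().rstrip(".")
    if name in table:                 # an exact host entry wins
        return table[name]
    # Walk up the DNS tree: a.b.c is checked against .b.c, then .c
    while "." in name:
        name = name.split(".", 1)[1]
        if "." + name in table:
            return table["." + name]
    return None


def conventional_realm(host: str) -> Optional[str]:
    """Guess the realm by upper-casing the host's parent DNS domain."""
    name = host.lower().rstrip(".")
    if "." not in name:
        return None                   # bare host name: no domain to derive from
    return name.split(".", 1)[1].upper()


def realm_for_host(host: str, table: dict = DOMAIN_REALM) -> Optional[str]:
    """Explicit mapping first; fall back to the naming convention."""
    return explicit_realm(host, table) or conventional_realm(host)


if __name__ == "__main__":
    for h in ("web.datajek.io", "gpu1.lab.datajek.io", "legacy.datajek.io",
              "mail.example.org", "localhost"):
        print(f"{h:22} -> {realm_for_host(h)}")
```

The most specific entry decides the realm, so gpu1.lab.datajek.io resolves to RESEARCH even though the convention alone would have guessed LAB.DATAJEK.IO.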

Principal

Every entity living within a Kerberos installation, including individual users, computers, and services running on servers, has a unique identifier associated with it called the principal. Each principal also has a password tied to it. You can consider the principal name analogous to the username you use for any online service, e.g., email or social ...