Software AG Products 10.11 | Administering Integration Server | Configuring Integration Server to Use Kerberos | About Kerberos | Kerberos Terminology
 
Kerberos Terminology
Before configuring Integration Server to use Kerberos authentication, you may find it helpful to first understand the following terminology:
*Key Distribution Center (KDC). The trusted third-party system that provides authentication and ticket granting services and hosts the principal database. That is, the KDC consists of an authorization server, a ticket-granting server, and a database that contains the principals and their keys.
*Realm. All the computers that are managed by the KDC and secondary KDCs, if any, constitute the realm. That is, the realm includes all the nodes that share the same Kerberos database.
*Principal. A service or user that is known to the Kerberos system. Each Kerberos principal is identified by its principal name. Principal names consist of three parts: a service or user name, an instance name, and a realm name in the following form: principal-name.instance-name@realm-name
*Service principal name. The principal name of the service as registered with the principal database.
*Keytab file. The file consisting of a set of principals and their passwords. It can contain the principal password encrypted using different encryption algorithms.
*Kerberos configuration file. The file that contains configuration information such as Kerberos realm, location of KDC, defaults for the current realm, and encryption algorithms. Generally, this file is named "krb5.conf".
*Subject. The user or service that is authenticated by the JAAS login context.