Each ticket is identified by a principal name. The principal name can identify a user or a service. The following table shows examples of several principal names.
Table 7-4 Examples of Principal Names

Principal Name | Description |
---|---|
root/boston.acme.com@ACME.COM | A principal associated with the root account on an NFS client. This is called a root principal and is needed for authenticated NFS-mounting to succeed. |
host/boston.acme.com@ACME.COM | A principal used by the Kerberized applications (klist and kprop for example) and services (such as ftp and telnet). This is called a host or service principal. |
username@ACME.COM | A principal for a user |
username/admin@ACME.COM | An admin principal that can be used to administer the KDC database |
ftp/boston.acme.com@ACME.COM | A principal used by the ftp service. This can be used instead of a host principal. |
K/M@ACME.COM | The master key name principal. There is one of these associated with each master KDC. |
kadmin/history@ACME.COM | A principal which includes a key used to keep password histories for other principals. There is one of these for each master KDC. |
kadmin/kdc1.acme.com@ACME.COM | A principal for the master KDC server that allows access to the KDC using kadmind |
changepw/kdc1.acme.com@ACME.COM | A principal for the master KDC server that allows access to the KDC when changing passwords |
krbtgt/ACME.COM@ACME.COM | This principal is used when generating a ticket granting ticket. |