Principal Names
Each ticket is identified by a principal name. The principal name can identify a user or a service. Here are examples of several principal names.
Table 12–4 Examples of Principal Names|
Principal Name |
Description |
|---|---|
|
root/boston.example.com@EXAMPLE.COM |
A principal that is associated with the root account on an NFS client. This principal is called a root principal and is needed for authenticated NFS-mounting to succeed. |
|
host/boston.example.com@EXAMPLE.COM |
A principal that is used by the Kerberized applications (klist and kprop, for example). This principal is called a host or service principal. |
|
username@EXAMPLE.COM |
A principal for a user. |
|
username/admin@EXAMPLE.COM |
An admin principal that can be used to administer the KDC database. |
|
nfs/boston.example.com@EXAMPLE.COM |
A principal that is used by the NFS service. This principal can be used instead of a host principal. |
|
K/M@EXAMPLE.COM |
The master key name principal. There is one master key name principal that is associated with each master KDC. |
|
kadmin/history@EXAMPLE.COM |
A principal which includes a key used to keep password histories for other principals. Each master KDC has one of these principals. |
|
kadmin/kdc1.example.com@EXAMPLE.COM |
A principal for the master KDC server that allows access to the KDC by using kadmind. |
|
changepw/kdc1.example.com@EXAMPLE.COM |
A principal for the master KDC server that allows access to the KDC when you are changing passwords. |
|
krbtgt/EXAMPLE.COM@EXAMPLE.COM |
This principal is used when you generate a ticket-granting ticket. |
- © 2010, Oracle Corporation and/or its affiliates