Each ticket is identified by a principal name. The principal name can identify a user or a service. Here are examples of several principal names.
Table 5-4 Examples of Principal Names

| Principal Name | Description |
|---|---|
| root/boston.example.com@EXAMPLE.COM | A principal that is associated with the root account on an NFS client. This principal is called a root principal and is needed for authenticated NFS-mounting to succeed. |
| host/boston.example.com@EXAMPLE.COM | A principal that is used by the network application servers, such as ftpd and telnetd. This principal is also used with the pam_krb5 authentication module. This principal is called a host or service principal. |
| username@EXAMPLE.COM | A principal for a user. |
| username/admin@EXAMPLE.COM | An admin principal that can be used to administer the KDC database. |
| nfs/boston.example.com@EXAMPLE.COM | A principal that is used by the NFS service. This principal can be used instead of a host principal. |
| ftp/boston.example.com@EXAMPLE.COM | A principal that is used by the ftp service. This principal can be used instead of a host principal. |
| K/M@EXAMPLE.COM | The master key name principal. There is one master key name principal that is associated with each master KDC. |
| kadmin/history@EXAMPLE.COM | A principal that includes a key used to keep password histories for other principals. Each master KDC has one of these principals. |
| kadmin/kdc1.example.com@EXAMPLE.COM | A principal for the master KDC server that allows access to the KDC by using kadmind. |
| changepw/kdc1.example.com@EXAMPLE.COM | A principal for the master KDC server that allows access to the KDC when you are changing passwords. |
| krbtgt/EXAMPLE.COM@EXAMPLE.COM | This principal is used when you generate a ticket-granting ticket. |