Managing Kerberos in Oracle® Solaris 11.4

Updated: November 2020
 
 

Kerberos Glossary

These glossary entries cover words that have different meanings in different parts of the operating system, or have different meanings in Oracle Solaris and Kerberos. For definitions of Kerberos components, see the documentation on the MIT Kerberos web site (http://web.mit.edu/kerberos/).

authorization

1. In Kerberos, the process of determining if a principal can use a service, which objects the principal is allowed to access, and the type of access that is allowed for each object.

2. In Oracle Solaris rights-based access control (RBAC), a right that can be assigned to a role or user (or as part of a rights profile) for performing a class of operations that are otherwise prohibited by security policy. Authorizations are enforced at the user application level, not in the kernel.

instance

1. In Kerberos, the second part of a principal name. An instance qualifies the principal's primary. For a service principal, the instance is required and is the host's fully qualified domain name, as in host/central.example.com. For user principals, an instance is optional. Note, however, that jdoe and jdoe/admin are distinct principals.

2. In Oracle Solaris, a specific service of a class of SMF services. For example, the compliance:default instance and the compliance:generate-guide instance are separate instances of the compliance SMF service.

Kerberos policy

A set of rules that governs password usage in the Kerberos service. Policies can regulate principals' access, or ticket parameters such as lifetime.

policy

Generally, a plan or course of action that influences or determines decisions and actions. For computer systems, policy typically means security policy. Your site's security policy is the set of rules that define the sensitivity of the information that is being processed and the measures that are used to protect the information from unauthorized access.

See also Kerberos policy.

privilege

In general, a power or capability to perform an operation on a computer system that is beyond the powers of a regular user. A privileged user or privileged application is a user or application that has been granted additional rights.

1. In Kerberos, a right granted to a principal by an entry in the kadm5.acl file.

2. In Oracle Solaris, one of around one hundred discrete kernel rights that can be granted to a user or a process to allow the performance of an action.

relation

In Kerberos, a configuration variable or relationship that is defined in the kdc.conf or krb5.conf files. In the Oracle Solaris OS, relations are typically called variables or keyword-value pairs.

service

1. In Kerberos, a resource that is provided to network clients, often by more than one server. For example, if you ssh to the central.example.com host, then that host is the server that provides the ssh service.

2. In Oracle Solaris, a program that is managed by the System Management Facility (SMF) as a service. Services can be enabled, disabled, refreshed, and restarted through SMF commands. The status of services is constantly monitored and logged for ease in tracking and troubleshooting. In Oracle Solaris, the Kerberos client is the kadmin service and the KDC is two services, krb5kdc and krb5_prop.