Kerberos Participants
The Kerberos protocol involves the actions of five participants, as follows:
User—The person who initiates communication with a remote service.
Client—The software that communicates with the service on behalf of the user. In the case of HostExplorer, there are actually two clients in operation:
- The Kerberos client—retrieves your credentials from the Kerberos service and sends them to the remote service for authentication
- HostExplorer—communicates with the remote services once the user has been authenticated
Remote Service—The service on the remote host that communicates with the client. HostExplorer, for example, communicates with the Telnet service.
Kerberos Client—The service that generates the credentials for the user and the remote service. The service can be Hummingbird Connectivity Kerberos or MIT Kerberos.
Key Distribution Center (KDC)—Also known as the Kerberos server. Both the Authentication Server (AS) and the ticket-granting server (TGS) run on the KDC. The AS stores the authentication information for every principal in the Kerberos realm. Kerberos uses this information to generate credentials. The TGS grants service tickets to clients who need them to communicate with their server.