- Kerberos uses two servers, an authentication server that gives you a key, and a ticket-granting server that requires the key before it gives you a ticket.
- a principal is your ID. it has your username, your host name, and some other crap. it's kinda like a Hello My Name Is sticker
- a ticket is a little timestamped file. without it you'd have to input a password with every command, but the (service? host?) looks for a ticket first.
- a root principal is a sticker you apply over the "Hello My Name Is Fox" sticker that says "Hello My Name Is Root" - you get one (automatically?) if you're in the wheel/one of the sudoers/whatever
- to get into LDAP, you use your Kerberos principal as "bind credentials" (basically only use this in the context of LDAP) and send it through SASL. SASL is a bit of code that LDAP uses to authenticate and if SASL is happy you can access LDAP.
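The flow in these notes as a toy model, added here as an example and not part of the original paste: the authentication server issues a ticket-granting ticket, the ticket-granting server exchanges it for a service ticket, and the service (LDAP here) accepts the timestamped ticket instead of a password. It is not real Kerberos: tickets are HMAC-sealed JSON rather than encrypted, handing the user key to the authentication server stands in for pre-authentication, and every key, principal and host name is constructed.

```python
import hashlib, hmac, json

# Constructed demo keys (assumptions); real Kerberos derives them from passwords and keytabs.
USER_KEYS = {"fox@EXAMPLE.COM": b"fox-password-derived-key"}
TGS_KEY = b"tgs-secret"  # known only to the two Kerberos servers
SERVICE_KEYS = {"ldap/ldap.example.com@EXAMPLE.COM": b"ldap-keytab-key"}
LIFETIME = 10 * 3600     # ticket lifetime in seconds

def seal(key, fields):
    """Serialize fields and append an HMAC so only a holder of key can mint or check it."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def unseal(key, blob, now):
    """Return the fields if the MAC verifies and now is inside the validity window."""
    body, _, mac = blob.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("ticket forged or sealed with the wrong key")
    fields = json.loads(body)
    if not fields["start"] <= now < fields["end"]:
        raise ValueError("ticket outside its validity window")
    return fields

def as_request(principal, user_key, now):
    """Authentication server: check the user's key, hand back a ticket-granting ticket."""
    expected = USER_KEYS.get(principal)
    if expected is None or not hmac.compare_digest(expected, user_key):
        raise PermissionError("pre-authentication failed")
    return seal(TGS_KEY, {"client": principal, "start": now, "end": now + LIFETIME})

def tgs_request(tgt, service, now):
    """Ticket-granting server: require a valid TGT, issue a ticket for one service."""
    tgt_fields = unseal(TGS_KEY, tgt, now)
    end = min(now + LIFETIME, tgt_fields["end"])  # never outlive the TGT
    return seal(SERVICE_KEYS[service], {"client": tgt_fields["client"], "service": service, "start": now, "end": end})

def service_accept(service, ticket, now):
    """Service side (e.g. LDAP behind SASL): accept the ticket, never see a password."""
    fields = unseal(SERVICE_KEYS[service], ticket, now)
    if fields["service"] != service:
        raise ValueError("ticket issued for a different service")
    return fields["client"]
```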