kerberos(8krb)
Name
kerberos - the kerberos daemon
Syntax
/usr/etc/kerberos [ -p pause_seconds ] [ -a max_age ]
[ -l log_file ] [ -r realm ] [ -s ] [ -n ] [ -m ]
Description
The daemon is used by a Kerberos principal, X, to assist it in authenticating its identity to another Kerberos principal Y. In the ULTRIX environment, X would typically be an application running on one machine while Y would be an application running on another machine. Because X and Y run on separate machines, the authentication of X by Y and Y by X is not an easy task. If they ran on a single machine, A, the authentication of X could be performed easily by Y. All Y need do is ask A for the user ID of X. Since Y trusts the local machine, if the user ID of X is the user ID Y expects, then X must be X.
If Y were to authenticate X when X runs on a different machine, B, using the same user ID method, then Y would be forced to trust the machine B to provide a correct answer. The security of this method breaks down as soon as any one machine that Y is willing to trust is subverted by a hostile user. In addition, it breaks as soon as any machines that cannot be trusted by Y are allowed on the physical network to which A and B are connected. Hostile users that have control over these rogue machines can force them to produce messages that look as though they come from machine B.
The daemon serves as a single point of trust in a local area network (LAN). The authentication of X to Y depends upon the trust that both X and Y have in the daemon. X trusts the daemon to give Y only enough information to authenticate itself as Y to X, and Y trusts the daemon to give X only enough information to authenticate itself as X to Y. Y no longer needs to trust B to authenticate X.
If X were to authenticate itself to Y, X would first communicate with the daemon in order to obtain a ticket that would allow it to authenticate to Y. The ticket can be defined as the data that X needs to authenticate itself to Y. X passes the ticket to Y, along with other information, to authenticate itself to Y. Y then has the ability to send a message back to X in order to authenticate its identity to X.
There is one master daemon per LAN. The difference between a Kerberos master daemon and a Kerberos slave daemon is apparent in the way in which the Kerberos database on the machines on which they run is updated. The Kerberos database stores information about Kerberos principals. It stores, for instance, the Data Encryption Standard (DES) encryption key that is associated with each principal.
There is only one Kerberos database per LAN, to which updates to individual principal entries should be performed. This is the Kerberos master database. The daemon that runs on the machine which stores the Kerberos master database is the master daemon. All the other Kerberos databases in the LAN are periodically updated by and based upon the data stored in the Kerberos master database. The machines that store this type of database run slave daemons.
A realm is the common name given to a group of principals. All principals stored in one Kerberos database belong to a single realm, and an individual daemon uses only one Kerberos database. So, a daemon only allows one principal in the realm to authenticate another principal in the realm. Inter-realm authentication is not supported in the ULTRIX version of Kerberos.
Options
-p Allows the user to select the number of seconds that the daemon will pause, pause_seconds, after it has encountered an unrecoverable error, and before it exits. This time interval must be between five minutes (300), and one hour (3600). If neither this option nor the -s option is used, the daemon will pause forever before exiting.
-a Allows the user to specify the age in seconds, max_age, above
which the Kerberos database should be considered too old for a
Kerberos slave server to use. The daemon determines the age of
the Kerberos database by comparing the last modification time of
the file with the current time. The file is modified every time
the database is changed. Since a Kerberos slave server receives
its database in whole from the Kerberos master, this option
specifies the maximum amount of time allowed between database
transfers. The time value must be between one hour (3600) and
three days (259200). If neither this option nor the -s option
is used, the maximum age of the database is infinite.
-l Allows the user to select a different file, log_file, into which
the daemon will place Kerberos log messages. If neither this
option nor the -s option is used, the log_file value is set to
-r Allows the user to change the name of the realm, realm, for which the daemon will serve information. If no realm name is specified with the -r option, the daemon will serve the realm of which the local host is a member.
-s Allows the user to tell the daemon to use the default values for pause_seconds, max_age, and log_file of a slave server. If max_age has not been set with the -a option, the max_age value is set to the slave server default of one day (86400). If the pause_seconds value has not been set with the -p option, the pause_seconds value is set to the slave server default of 5 minutes (300). If the log_file value has not been set with the -l option, the log_file value is set to the slave server default,
Use of the -s option is equivalent to using the following list of options with the daemon:
-a 86400 -p 300 -l /var/dss/kerberos/log/kerberos_slave.log
-n Allows the user to tell the daemon that the maximum age of the Kerberos database should be infinite. This option is only useful if the -s option has been selected by the user, but the maximum age of the database should not be equal to the slave default (300), but should be infinite. This option also overrides the -a option.
-m Allows the user to run the daemon in manual mode. This implies that the master key of the Kerberos database will be input from
If this option is not used, the master key of the Kerberos database is read from the data file placed in the system.
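The -p, -a, -s and -n descriptions above interact (the -s defaults apply only where -p, -a or -l were not given, and -n overrides -a), and the -a check is an age test on the database file's modification time. The following Python model of that option resolution and staleness check is an added example, not ULTRIX source; the non-slave default log_file is not given on this page, so it is left as None here as an assumption.

```python
"""Model of how kerberos(8krb) resolves -p/-a/-l/-r/-s/-n/-m and how a slave
decides its database copy is too old.  Added example, not ULTRIX code."""
import time
from dataclasses import dataclass
from typing import Optional

SLAVE_MAX_AGE = 86400   # -s default for max_age (one day)
SLAVE_PAUSE = 300       # -s default for pause_seconds (five minutes)
SLAVE_LOG = "/var/dss/kerberos/log/kerberos_slave.log"  # -s default for log_file

@dataclass
class Config:
    pause_seconds: Optional[int]   # None = pause forever before exiting
    max_age: Optional[int]         # None = database age is infinite
    log_file: Optional[str]        # None = non-slave default (not on this page; assumption)
    realm: Optional[str]           # None = realm of the local host
    manual_master_key: bool        # -m: master key entered manually

def resolve(argv):
    """Apply the man page's precedence rules to a daemon argument list."""
    opts = {}
    i = 0
    while i < len(argv):
        flag = argv[i]
        if flag in ("-p", "-a", "-l", "-r"):
            opts[flag] = argv[i + 1]
            i += 2
        elif flag in ("-s", "-n", "-m"):
            opts[flag] = True
            i += 1
        else:
            raise ValueError(f"unknown option {flag}")
    slave = "-s" in opts
    pause = int(opts["-p"]) if "-p" in opts else (SLAVE_PAUSE if slave else None)
    if pause is not None and not 300 <= pause <= 3600:
        raise ValueError("pause_seconds must be between 300 and 3600")
    max_age = int(opts["-a"]) if "-a" in opts else (SLAVE_MAX_AGE if slave else None)
    if max_age is not None and not 3600 <= max_age <= 259200:
        raise ValueError("max_age must be between 3600 and 259200")
    if "-n" in opts:   # -n forces an infinite age, overriding -a and the -s default
        max_age = None
    log = opts.get("-l", SLAVE_LOG if slave else None)
    return Config(pause, max_age, log, opts.get("-r"), "-m" in opts)

def database_too_old(cfg, db_mtime, now=None):
    """True when the database file's age (now - mtime) exceeds max_age."""
    if cfg.max_age is None:
        return False
    now = time.time() if now is None else now
    return now - db_mtime > cfg.max_age
```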
See Also
kdb_init(8krb), kdb_util(8krb), kdb_edit(8krb), kdb_destroy(8krb), kerberos(3krb), kprop(8krb), kpropd(8krb)