
1.1 Glossary

The following terms are defined in [MS-GLOS]:

Active Directory

authorization

authorization data

constrained delegation

domain

domain controller (DC)

forwardable

Kerberos principal

key

KRB_AP_REQ/KRB_AP_REP

KRB_AS_REQ/KRB_AS_REP

KRB_TGS_REQ/KRB_TGS_REP

principal

privilege attribute certificate (PAC)

realm

service

Service for User (S4U)

Service for User to Proxy (S4U2proxy)

Service for User to Self (S4U2self)

service ticket

session key

ticket

ticket-granting service (TGS)

ticket-granting ticket (TGT)

The following terms are specific to this document:

Key Distribution Center (KDC): A network service that supplies tickets to entities to authenticate other entities. Specifically, the Kerberos KDC is the Kerberos ticket-granting service (TGS) specified in the Kerberos protocol. The Kerberos service that implements the authentication and TGS is specified in the Kerberos protocol.<1>

pre-authentication: In the Kerberos protocol, the act of proving identity (and knowledge of a key) before the issuance of the initial ticket-granting ticket (TGT), as specified in [RFC4120] sections 5.2.7 and 7.5.2.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.

© 2014 Microsoft