1.1 Glossary

The following terms are defined in [MS-GLOS]:

Active Directory
AP exchange
AS exchange
Authentication Service (AS)
authenticator
authorization data
claim
directory
directory service (DS)
distinguished name (DN)
domain
fully qualified domain name (FQDN)
Generic Security Services (GSS)
Internet host name
Kerberos principal
key
Key Distribution Center (KDC)
KRB_AP_REQ/KRB_AP_REP
KRB_AS_REQ/KRB_AS_REP
KRB_PRIV exchange
KRB_SAFE exchange
object identifier (OID)
objectGuid
preauthentication
privilege attribute certificate (PAC)
read-only domain controller (RODC)
realm
secret key
Security Support Provider Interface (SSPI)
service
service principal
service principal name (SPN)
service (SRV) resource record
service ticket
session
session key
ticket
ticket-granting service (TGS)
ticket-granting service (TGS) exchange
ticket-granting ticket (TGT)

The following terms are specific to this document:

Compound identity TGS-REQ: A FAST TGS-REQ that uses explicit FAST armoring using the computer's TGT.

context session key: A variant of a cryptographic key used in the generation and processing of per-message tokens that uses the Kerberos session key directly ([RFC1964] section 1.2).

FAST armor: Using a TGT for the principal to protect Kerberos messages, as described in [RFC6113].

Flexible Authentication Secure Tunneling (FAST): FAST provides a protected channel between the client and the Key Distribution Center (KDC).

integrity level: The attributed trustworthiness of an entity or object.

"RestrictedKrbHost" services: The class of services that use SPNs with the serviceclass string equal to "RestrictedKrbHost", whose service tickets use the computer account's key and share a session key. For information on the serviceclass string, see section 3.1.5.11.

security package: The software implementation of a security protocol. Security packages are contained in security support provider components or security support provider/authentication package components.

ticket session key: The session key within a ticket.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.

 
© 2014 Microsoft