Kerberos is a network authentication system. Its purpose is to securely authenticate users and services in an insecure network environment.
This is done with a Kerberos server acting as a trusted third party, keeping a database with secret keys for all users and services (collectively called principals).
Each principal belongs to exactly one realm, which is the administrative domain in Kerberos. A realm usually corresponds to an organisation, and the realm should normally be derived from that organisation's domain name. A realm is served by one or more Kerberos servers.
The authentication process involves an exchange of ‘tickets’ and ‘authenticators’ which together prove the principal's identity.
When you log in to the Kerberos system, either through the normal system login or with the kinit(1) program, you acquire a ticket granting ticket which allows you to get new tickets for other services, such as telnet or ftp, without giving your password.
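The ticket and authenticator exchange described above, as an added example that is not Heimdal code or part of the original manual. The principal names, the password and the seal/unseal toy cipher are constructed for illustration; real Kerberos uses standard encryption types, pre-authentication and a replay cache, all omitted here.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode, not a real Kerberos enctype
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def str2key(principal, password):
    # Long-term key derived from the password, salted with the principal name
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10000)

ME, TGS, FTP = "alice@EXAMPLE.ORG", "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG", "ftp/host.example.org@EXAMPLE.ORG"
# KDC database: one secret key per principal (constructed names and password)
DB = {ME: str2key(ME, "correct horse"), TGS: os.urandom(32), FTP: os.urandom(32)}

def issue(client, service, reply_key):
    # KDC: ticket sealed under the service's key, session key sealed for the client
    sk = os.urandom(32).hex()
    ticket = seal(DB[service], {"client": client, "key": sk, "exp": time.time() + 36000})
    return ticket, seal(reply_key, {"service": service, "key": sk})

def authenticator(client, sk):
    return seal(bytes.fromhex(sk), {"client": client, "ts": time.time()})

def accept(service_key, ticket, auth):
    # Service: open the ticket with its own key, then verify the authenticator
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), auth)
    if a["client"] != t["client"] or time.time() > t["exp"] or abs(time.time() - a["ts"]) > 300:
        raise ValueError("authenticator does not match ticket")
    return t

def login_and_use_ftp(password):
    tgt, reply = issue(ME, TGS, DB[ME])                    # initial login (kinit)
    sk = unseal(str2key(ME, password), reply)["key"]       # only step needing the password
    t = accept(DB[TGS], tgt, authenticator(ME, sk))        # KDC checks TGT + authenticator
    ticket, reply = issue(t["client"], FTP, bytes.fromhex(t["key"]))
    sk_ftp = unseal(bytes.fromhex(sk), reply)["key"]
    return accept(DB[FTP], ticket, authenticator(ME, sk_ftp))["client"]
```

The password is used once, to open the reply that accompanies the ticket granting ticket; the ftp ticket is obtained with the session key alone, and neither the password nor any long-term key is sent to the ftp service.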
For more information on how Kerberos works, and other general Kerberos questions, see the Kerberos FAQ at http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html.
For setup instructions see the Heimdal Texinfo manual.