Network Services and the Master Database
The master database also contains entries for all network services that
require Kerberos authentication. Suppose that your site has a machine,
laughter.mit.edu, that requires Kerberos authentication from anyone who
wants to rlogin to it. The host's Kerberos realm is ATHENA.MIT.EDU.

This service must be registered in the Kerberos database, using the
proper service name, which in this case is the principal:

    host/laughter.mit.edu@ATHENA.MIT.EDU

The / character separates the Kerberos primary (in this case, host) from
the instance (in this case, laughter.mit.edu); the @ character separates
the realm name (in this case, ATHENA.MIT.EDU) from the rest of the
principal. The primary, host, denotes the name or type of the service
that is being offered: generic host-level access to the machine. The
instance, laughter.mit.edu, names the specific machine that is offering
this service. There will generally be many different machines, each
offering one particular type of service, and the instance serves to give
each one of these servers a different Kerberos principal.
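
As an added example (not part of the original documentation), the following Python sketch splits a principal name into the primary, instance and realm described above and checks a host principal before it is registered. It goes slightly beyond the text by honouring backslash-escaped separators; the function names, the rejection of empty components and the lowercase, fully qualified instance check are assumptions of this example.

```python
from typing import NamedTuple, Optional, Tuple


class Principal(NamedTuple):
    components: Tuple[str, ...]   # primary first, then the instance (if any)
    realm: Optional[str]          # None when the name carries no @REALM part

    @property
    def primary(self) -> str:
        return self.components[0]

    @property
    def instance(self) -> Optional[str]:
        return self.components[1] if len(self.components) > 1 else None


def parse_principal(name: str) -> Principal:
    """Split on unescaped '/' and '@'; a backslash makes the next character literal."""
    parts, buf, in_realm, i = [], [], False, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            if i + 1 == len(name):
                raise ValueError("trailing backslash")
            buf.append(name[i + 1])
            i += 2
            continue
        if ch == "/" and not in_realm:
            parts.append("".join(buf)); buf = []
        elif ch == "@":
            if in_realm:
                raise ValueError("more than one unescaped '@'")
            parts.append("".join(buf)); buf = []; in_realm = True
        else:
            buf.append(ch)
        i += 1
    realm = "".join(buf) if in_realm else None
    if not in_realm:
        parts.append("".join(buf))
    if any(p == "" for p in parts) or realm == "":
        raise ValueError("empty component or realm")  # policy of this example
    return Principal(tuple(parts), realm)


def audit_host_principal(name: str, expected_realm: str) -> list:
    """Return a list of problems; an empty list means the name looks well formed."""
    p, problems = parse_principal(name), []
    if p.primary != "host":
        problems.append("primary is not 'host'")
    if p.instance is None or "." not in p.instance:
        problems.append("instance is not a fully qualified host name")
    elif p.instance != p.instance.lower():
        problems.append("instance is not lowercase")
    if p.realm != expected_realm:
        problems.append("realm does not match expected realm")
    return problems
```

Calling audit_host_principal("host/laughter.mit.edu@ATHENA.MIT.EDU", "ATHENA.MIT.EDU") returns an empty list; a short or mixed-case instance, or a principal in a different realm, is reported instead of silently creating a second, distinct principal.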