Installing and Administering Internet Services

Chapter 11
Secure Internet Services
Overview of the Secure Environment and the Kerberos V5 Protocol

Figure 11-1 The Secure Environment and the Kerberos V5 Protocol

Components of the Secure Environment

As part of the Kerberos V5 protocol, security clients authenticate
themselves (verify their identity) to a trusted host. This trusted host is
called the security server (A in Figure 11-1). We strongly recommend
that the system where the security server is running be physically secure
(for example, located in a locked room).

The security server is also referred to as the Key Distribution Center
(KDC). The KDC provides Kerberos authentication services to security
clients. Throughout the rest of this chapter, the term KDC will be used to
refer to a generic security server. Hewlett-Packard currently provides
two products that fulfill the role of the KDC: the HP DCE Security
Service and the HP Praesidium/Security Service (P/SS).

A security client is one of the following:

Application client (C in Figure 11-1): A Secure Internet Services
application (ftp, rcp, remsh, rlogin, or telnet).

[Figure 11-1 labels: Security Server (A), containing the KDC with its AS and TGS; Security Client Runtime (B) (e.g., kinit, klist); Application Client (C) (e.g., ftp, telnet); Application Server (D) (e.g., ftpd, telnetd); numerals 1 through 6.]