Glossary of Terms


Abstract Syntax Notation One. ASN.1 is a notation used to describe messages. It describes them as a sequence of components. The described components may themselves be sequences. ASN.1 is used to describe the internals of Kerberos datagrams. Unless you are a software developer, you do not need to gain an understanding of ASN.1.


A record containing information that can be shown to have been recently generated using the session key known only by the client and server. (Definition taken from RFC1510)


A ticket for the server and a session key which is used to authenticate the principal.

Cross-Realm Authentication

Kerberos allows a KDC in one realm to authenticate a principal in another realm if a secret is shared between the KDCs of both realms. This inter-realm authentication is called cross-realm authentication.

Data Encryption Standard [DES]

An encryption algorithm which was the official algorithm of the United States Government. It was developed by IBM with assistance from the NSA. The algorithm is a sixteen-round block cipher which uses a 64-bit block and a 56-bit key.

Forwardable Ticket

A ticket granted by the KDC which allows the user to request additional tickets with different IP addresses. In effect, a TGT which allows the authenticated principal to request tickets valid on other additional machines.

Generic Security Services Application Programming Interface [GSS-API]

A set of C language bindings which provide security services to its callers. The API may be implemented on top of various cryptographic systems. Kerberos is one example of such a system.

Key Distribution Center [KDC]

The machine and software which perform the role of the trusted arbitrator in the Kerberos protocol.


An authentication protocol in which a trusted third party, an arbitrator, is relied upon to perform the authentication of clients on a TCP/IP network. The protocol was designed so that encrypted tickets, rather than traditional plaintext passwords, are transmitted over the network, providing for secure network authentication.


(v.) The act of modifying a system, service, or piece of software to make use of the Kerberos protocol to perform authentication. (adj. kerberized) A system, service, or piece of software which supports authentication through Kerberos.

Network Time Protocol [NTP]

A protocol used to synchronize the clocks of hosts and routers on the Internet.

Postdatable ticket

In Kerberos 5, a ticket which is invalid initially and which becomes valid at some time in the future. Normal Kerberos tickets are only valid from the time they are requested until the time that they expire.


Additional authentication which takes place before a KDC grants a TGT to a principal. An example of such authentication may be the satisfaction of a biometrics system.


A user or server for which a secret key is stored in the KDC database.

Proxiable Ticket

In Kerberos 5, a ticket which allows you to request a TGT for alternative IP addresses.


The scope of a Kerberos deployment. Specifically, the organization domain for which the KDC is trusted to authenticate principals.

Renewable Ticket

In Kerberos 5, a ticket which allows the principal a maximum renewable lifetime in addition to the standard ticket lifetime. Renewable tickets may be used to acquire additional tickets from the KDC as long as the ticket is valid. Renewed tickets can be requested up to the maximum renewable lifetime of the original renewable ticket.


A seed value used in the encryption of a plaintext password to expand the number of possible resulting ciphertexts from a given plaintext. The use of a salt value is a defensive measure used to protect encrypted passwords against dictionary attacks.

Stash File

A disk store of secret keys.


A data message consisting of the client's identity, a session key, a timestamp, and other information, all encrypted with the server's secret key. It is used to perform authentication.

Ticket Granting Service [TGS]

A service which is capable of and authorized to issue tickets to clients after they have acquired a Ticket Granting Ticket (TGT).

Ticket Granting Ticket [TGT]

A ticket which contains a session key to be used in communication between the client and the KDC.

Transitive Cross-Realm Authentication

In Kerberos 5, the ability to chain trust together between realms building in effect a trust path so that a principal in realm X that wishes to authenticate a principal in realm Z does not need the KDC for realm X to share a secret with realm Z if both realm X and realm Z share a secret with realm Y. Realm Y can be used as a "hop" in a trust path.

Triple DES

A variant of DES in which data is encrypted three times with standard DES using two different keys.


