它界定了該領域的身份驗*服務器或AS(Kerberos基礎結構的組件)的權威機構,為屬於該領域的主體 (principal)提供身份驗*。
第三個部分是 [domain_realm],它描述從子域和域名到Kerberos域名的映*細節。
Basically, kerberos works because each computer shares a secret with the KDC, which has two components: a Kerberos authentication server and a ticket-grantingserver, it a KDC doesn't know the requested target server;
Kerberos USES this concatenated string to generate the secret key instead of using the password alone.
If a user's Kerberos password is stolen by an attacker, then the attacker can impersonate that user.
NFSVersion4的當前實現使用Kerberos (RFC 4120)作為其基礎安全機制,以實現身份驗*、保密*、完整*和不可否認*。
In the third section, I'll show how you can generate a cryptographic key used for encryption and decryption in Kerberos messaging.