Your principal is your Kerberos identity. It is your user name plus the Kerberos realm (or Windows domain) you are part of. For example, if your user name is jdoe and you are part of the SALES.WIDGET.COM realm, your principal is jdoe@SALES.WIDGET.COM.
Learn about... |
---|
If like many users you just have one Kerberos identity, you will have just one principal.
In most installations, MIT Kerberos knows your realm, so when you start to enter your principal in the Get Ticket window it will auto-complete the realm for you. If you select the "Remember this principal" checkbox, the next time you get tickets Kerberos will auto-complete your principal as soon as you start to type.
The main window shows your principal, along with information about tickets issued to it.
How to: View Tickets
Some users have multiple principals. For example, administrators often have one principal with standard access and an administrative principal with administrative access. Also, some Kerberos installations require multiple principals to access multiple realms.
How to: Manage Multiple Principals
How to: Make Default Principal
Your default principal appears in bold font in the main window. If you have a single principal, that principal is always the default. But if you have multiple principals you will need to change the default principal depending on what service or host you need to access.
When you try to use a Kerberized application, the application attempts to authenticate you by requesting your credentials from Kerberos. Some applications do this by asking for a specific principal's credentials, but others ask generically.
When applications make a generic request, Kerberos does not know which of your principals is being authenticated and checks the default principal for tickets. If the default principal is not the correct one, the application will usually simply fail to work with no warning or notice.
To set your default principal, select a principal in the main window and then click the Make Default button.
How to: Make Default Principal