
Principals

Each principal that participates in Kerberos V5 authentication and authorization must be in the KDC database, which is the security registry database for DCE. The KDC database does not distinguish between types of principal names. However, distinguishing between two kinds of principal names - user principal names and service principal names - is useful.

A user principal name is associated with a specific user of the secure remote utilities. A user principal name consists of a user ID and a realm (or cell) name. Each user must have a user principal name in the KDC database. An example of a Kerberos user principal name is susan@MYREALM.COM. An example of a DCE user principal name is /.../my_kdc_cell/susan.

A service principal name authorizes a client to use a particular service. It includes the specific application server machine that the service will access and the realm name. For rlogin and rsh, the service principal name is host. An example of a Kerberos service principal name for rlogin is host/abc_system.com@REALM_A.COM. An example of a DCE service principal name for rlogin is /.../cell_a.com/host/abc_system.com.
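
The following parser is an added example, not part of the original documentation or of any Kerberos or DCE product. It splits the four example names above into their parts and rejects malformed input. The `Principal` type, `parse_principal` function, the character allowlist, and the rule that the cell name is the first component after `/.../` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

DCE_PREFIX = "/.../"            # global root that starts the page's DCE names
SERVICE_NAMES = {"host"}        # the page names "host" for rlogin and rsh
TOKEN = re.compile(r"[A-Za-z0-9._-]+")  # assumption: conservative allowlist


@dataclass(frozen=True)
class Principal:
    form: str             # "kerberos" or "dce"
    kind: str             # "user" or "service"
    realm: str            # Kerberos realm or DCE cell name
    name: str             # user ID, or service name such as "host"
    host: Optional[str]   # application server machine, services only


def parse_principal(text: str) -> Principal:
    """Split a principal name into its parts, or raise ValueError."""
    if text.startswith(DCE_PREFIX):
        form = "dce"
        # Assumption: the cell name is the first component after "/.../".
        realm, _, local = text[len(DCE_PREFIX):].partition("/")
    else:
        form = "kerberos"
        local, sep, realm = text.rpartition("@")
        if not sep:
            raise ValueError(f"no @realm in {text!r}")
    parts = local.split("/")
    # Reject empty components, embedded "@", whitespace and escapes.
    if not all(TOKEN.fullmatch(p) for p in [realm, *parts]):
        raise ValueError(f"malformed principal name {text!r}")
    if len(parts) == 1:
        return Principal(form, "user", realm, parts[0], None)
    if len(parts) == 2 and parts[0] in SERVICE_NAMES:
        return Principal(form, "service", realm, parts[0], parts[1])
    raise ValueError(f"unrecognized principal shape {text!r}")


if __name__ == "__main__":
    for sample in ("susan@MYREALM.COM", "/.../my_kdc_cell/susan",
                   "host/abc_system.com@REALM_A.COM",
                   "/.../cell_a.com/host/abc_system.com"):
        print(parse_principal(sample))
```

Because the KDC database itself does not distinguish principal types, the user/service split here is decided only by the shape of the name and the known service name `host`.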