Access Keys:
Skip to content (Access Key - 0)

Q: Why is it Kerberos Principal and not Kerberos Principle?


  • Kerberos, MIT's central authentication service
  • Kerberos principal (your username and domain combination in Kerberos)


When used as a noun the word principal refers to the primary person in a group of people. For example, the principal of a school is arguably the most important person there. Principal can also refer to the primary thing of importance in a related set of things. For example, the principal of my loan, plus the interest, adds up to the total I owe. On the other hand the word principle, also a noun, refers to a foundational law or doctrine.

This can get complicated when the word principal is used as as an adjective, where it means the most important whatever the noun is. So you could correctly say "this is the principal principle" if you wanted to really confuse people, but the other way around does not work.

In Kerberos, principal refers to the person (actually the thing representing the person). A Kerberos principal is the unique and complete identifier of a person, usually consisting of a name, such as othomas; a domain, such as ATHENA.MIT.EDU; and optionally an instance, such as root. The term Kerberos principle, on the other hand, is not commonly used at all. But if it were used it could correctly refer to something such as one of the fundamental rules or doctrines of Kerberos as a technology and concept.

Some examples

  • othomas@ATHENA.MIT.EDU is my Kerberos principal
  • "Not sending a password over the network during authentication" is a Kerberos principle

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

February 03, 2009

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
c-kerberos c-kerberos Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki