Each service of Novell Kerberos KDC (KDC server, Administration server, and Password server) uses a representative object in eDirectory. This has two purposes:
To treat the service as a client of eDirectory and provide necessary authorization
To store any configuration related to the service
When each service comes up, it makes an LDAP bind to eDirectory as the corresponding service object, using the stashed password or stored certificate on the local system. All subsequent operations happen based on the rights provided to that object.
The following table describes the Kerberos service attributes: