This section introduces you to the components of Novell Kerberos KDC.
The KDC server provides authentication and ticket granting services to Kerberos clients. The principal and realm information is stored in eDirectory. Novell Kerberos KDC accesses this information using secure LDAP connections.
The Administration server services administrative requests like principal management and key tab operations. This server acts like another kerberized service on the network and requires the corresponding service ticket to perform any operations.
The Password server provides the necessary functionality to set and change principals' passwords from standard Kerberos Change Password clients. Users who want to avail of this service and change their passwords need to authenticate to KDC first and get the service ticket for this Password Server. Though the wire-level protocol for this change password is still not a standard, this server will comply with the Internet Draft on Kerberos Change Password Protocol (M Horowitz, 1998).
Kerberos Password Agent keeps the Kerberos password in sync with the universal password. Therefore, it needs to be deployed when universal password integration is required. It synchronizes the Kerberos password with universal password whenever the universal password is set in eDirectory.
kdb5_util and kadmin are command-line administration tools for managing the Kerberos Realm and principals in eDirectory. For more information on these utilities refer to Managing Novell Kerberos KDC.