D.2 Kerberos KDC Services

A KDC contains the identities and keys of every principal in the network that it must service within its realm. This principal information is stored in a local database within the KDC. In the Novell Kerberos KDC, the principal and realm information is stored in eDirectory.

The following tables list some of the services provided by a typical KDC (including the Novell Kerberos KDC):

Table D-2 Basic KDC Services and Their Purpose

| Basic KDC Service | Purpose |
|---|---|
| Authentication Server (AS) | Issues authentication credentials, known as Ticket Granting Tickets (TGTs), to users when they log in. |
| Ticket Granting Server (TGS) | Issues service tickets to users in response to requests accompanied by a TGT, so that they can access various services in the realm. |

Table D-3 KDC Services Used to Manage KDC and Kerberos Principals

| KDC Service | Purpose |
|---|---|
| Kerberos Administration Server | Server component for maintaining Kerberos principals, policies, and service key tables (keytabs). This server responds to the requests from the kadmin and kpasswd utilities. |
| Kerberos Administration Utilities | Client component (such as kadmin, kadmin.local, and kdb5_util) for maintaining Kerberos realms, principals, policies, and service key tables. |
| Kerberos Password Server | Server component of the Kerberos Password utility for changing passwords of Kerberos principals. |
| Kerberos Client Utilities | Utilities such as kinit and kpasswd, which are used for various operations like login and changing passwords. |