A KDC contains the identities and keys of every principal in the network that it must service within its realm. This principal information is stored in a local database within the KDC. In the Novell Kerberos KDC, the principal and realm information is stored in eDirectory.
The following tables list some of the services provided by a typical KDC (including the Novell Kerberos KDC):

Table D-2 Basic KDC Services and Their Purpose

Basic KDC Service | Purpose |
---|---|
Authentication Server (AS) | Issues authentication credentials, known as Ticket Granting Tickets (TGTs), to users when they log in. |
Ticket Granting Server (TGS) | Issues service tickets to users in response to requests accompanied by a TGT, so that they can access various services in the realm. |

Table D-3 KDC Services Used to Manage KDC and Kerberos Principals

KDC Service | Purpose |
---|---|
Kerberos Administration Server | Server component for maintaining Kerberos principals, policies, and service key tables (keytabs). This server responds to the requests from the kadmin and kpasswd utilities. |
Kerberos Administration Utilities | Client component (such as kadmin, kadmin.local, and kdb5_util) for maintaining Kerberos realms, principals, policies, and service key tables. |
Kerberos Password Server | Server component of the Kerberos Password utility for changing passwords of Kerberos principals. |
Kerberos Client Utilities | Utilities such as kinit and kpasswd, which are used for various operations like login and changing passwords. |