System Administration Guide, Volume 2

Kerberos-Specific Terminology

You need to understand the terms presented in this section to follow the sections about administering the KDCs.

The Key Distribution Center or KDC is the portion of SEAM that is responsible for issuing credentials. These credentials are created using information stored in the KDC database. Each realm should have at least two KDCs, a master and at least one slave. All KDCs generate credentials, but only the master handles any changes to the KDC database.

A stash file contains an encrypted copy of the master key for the KDC. This key is used when a server is rebooted to automatically authenticate the KDC before starting kadmind and krb5kdc. Because this file includes the master key, the file and any backups of the file should be kept secure. If the encryption is compromised, then the key could be used to access or modify the KDC database.