Each realm must include a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains a duplicate copy of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.
The realm can also include a Kerberos application server. This server provides access to Kerberized services such as ftp, ssh, and NFS.
Figure 2-4 A Typical Kerberos Realm