Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Kerberos Servers

Each realm must include a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains a duplicate copy of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.

The realm can also include a Kerberos application server. This server provides access to Kerberized services such as ftp, ssh, and NFS.

The following figure shows what a hypothetical realm might contain.

Figure 2-4  A Typical Kerberos Realm

image:Diagram shows a typical Kerberos realm, EXAMPLE.COM, which contains a master KDC, three clients, two slave KDCs, and two application servers.