Understanding Novell Kerberos KDC

Traditional Kerberos implementations stored relevant Kerberos information pertaining to a realm in a database. Database propagation between KDCs was handled by vendor-specific protocols. Also, the management of the Kerberos database was done using vendor-specific administration utilities.

Novell® Kerberos KDC provides a single point of management for deployments that use both Kerberos and Novell eDirectory™, and also gives the advantage of eDirectory replication and security capabilities. It moves Kerberos-specific data to eDirectory and provides Kerberos services using a KDC that accesses data stored in eDirectory. Additionally, because authentication requests lead to database operations that are mostly read-only in nature, eDirectory is well suited to replace the traditional database component. Also, because Kerberos is a standard authentication mechanism, eDirectory accepts Kerberos tickets to grant access to directory services.

Novell Kerberos KDC integrates the Kerberos Authentication, Administration, and Password Servers with eDirectory as the data store. It is interoperable with KDCs from other vendors, such as MIT (Massachusetts Institute of Technology) and Microsoft (Active Directory). Administration is possible using both the traditional command line tools and Novell's Web-based framework (iManager).

Figure 1
Kerberos Authentication Using Novell Kerberos KDC

This chapter provides the following information: