What is a “Kerberos client”, “Kerberos server”, and “application server”?
In Kerberos, all authentication takes place between clients and servers. So in Kerberos terminology, a “Kerberos client” is any entity that gets a service ticket for a Kerberos service. A client is typically a user, but any principal can be a client (unless for some reason the administrator has explicitly forbidden this principal to be a client). The term “Kerberos server” generally refers to the Key Distribution Center, or the KDC for short. The KDC implements the Authentication Service (AS) and the Ticket Granting Service (TGS). The KDC has a copy of every password associated with every principal. For this reason, it is absolutely vital that the KDC be as secure as possible. Most KDC implementations store the principals in a database, so you may hear the term “Kerberos database” applied to the KDC. For reliability purposes, it is possible to have backup KDCs. These are referred to as slave servers. The slaves all synchronize their databases from the master KDC. In most Kerberos impleme