iam:kerberos:kdc

About

Key Distribution Center. A machine that issues Kerberos tickets.

The KDC is a service that should only be running on a domain controller. The service name is “Kerberos Key Distribution Center”. Basically the KDC is the service that is responsible for authenticating users when Kerberos is used.

Articles Related

Components

The KDC implements two server components:

Authentication Server (AS) that issues Ticket Granting Ticket (TGT),
and Ticket Granting Server (TGS) that issues Service tickets.

Management

List

klist from Windows

klist.exe query_bind

Current LogonId is 0:0x7f51cb6
The kerberos KDC binding cache has been queried successfully.

KDC binding cache entries: (1)

#0>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.174.5
        KDC Name: hostname.domainName.local
        Flags: 0
        DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
        Cache Flags: 0

Add

Windows

ksetup add kdc

ksetup /addkdc  RealmName  hostname.domainName.local

klist add_bind doesn't work …

klist.exe add_bind  RealmName  hostname.domainName.local

Current LogonId is 0:0x7f51cb6
Error calling DsGetDCName: 0x5

klist failed with 0x5/5: Access is denied.

Documentation / Reference

Kerberos for the Busy Admin

Table of Contents

Kerberos - Key Distribution Center (KDC)