Kerberos - Key Distribution Center (KDC)

Kerberos - Key Distribution Center (KDC)

About

Key Distribution Center. A machine that issues Kerberos tickets.

The KDC is a service that should only be running on a domain controller. The service name is “Kerberos Key Distribution Center”. Basically the KDC is the service that is responsible for authenticating users when Kerberos is used.

Articles Related

Components

The KDC implements two server components:

Authentication Server (AS) that issues Ticket Granting Ticket (TGT),
and Ticket Granting Server (TGS) that issues Service tickets.

Management

List

klist from Windows

klist.exe query_bind

Current LogonId is 0:0x7f51cb6
The kerberos KDC binding cache has been queried successfully.

KDC binding cache entries: (1)

#0>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.174.5
        KDC Name: hostname.domainName.local
        Flags: 0
        DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
        Cache Flags: 0

Add

Windows

ksetup add kdc

ksetup /addkdc  RealmName  hostname.domainName.local

klist add_bind doesn't work …

klist.exe add_bind  RealmName  hostname.domainName.local

Current LogonId is 0:0x7f51cb6
Error calling DsGetDCName: 0x5

klist failed with 0x5/5: Access is denied.

Documentation / Reference

Kerberos for the Busy Admin

Recommended Pages

Kerberos - (Ticket|Credentials)

Kerberos credentials, or “tickets” are the credentials in Kerberos. There are only two different types for tickets that the KDC issues. Ticket Granting Ticket (TGT). The first ticket obtained is "...

Kerberos - Authentication

in Kerberos The KDC is the service that is responsible for authenticating users when Kerberos is used. Articles Related Management See

Kerberos - Authentication Server (AS)

in Kerberos The KDC (role|component) that verifies the identity of the principal and issues the Ticket Granting Ticket (TGT) to the principal upon successful authentication. Articles Related

Kerberos - Encryption type

encryption in Kerberos Encryption is used for both the ticket-granting-ticket and session tickets. There are three components: the client, the KDC, and the server. Each one may support a differen "...

Kerberos - KeyTab (Key Table)

All Kerberos server machines need a keytab file to authenticate to the KDC. A keytab file contains one or more shared secret key. A service will use a keytab file in much the same way as a user uses "...

Kerberos - Ticket Granting Server (TGS)

TGS is a KDC component that issues a service ticket when a principal requests connection to a Kerberos service. You must first have a Ticket Granting Ticket (TGT) for the (Active Directory) domain bef "...

Kerberos - Ticketing Process

Kerberos ticketing process between: the the the Articles Related Steps Client's identity Under Kerberos, a client sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates "...

Kerberos - krb5 configuration file

The krb5 (conf|ini) file contains Kerberos configuration information, including: the locations of KDCs the location of admin servers defaults for the current realm defaults for Kerberos applicatio "...

Kerberos - ticket-granting ticket (TGT)

A ticket-granting ticket (TGT) is the first ticket obtained in a kerberos system. It's a special ticket that permits the client to obtain additional Kerberos tickets within the same Kerberos realm. U "...

OBIEE 11G - SSO Authentication with Windows Native Authentication (WNA)

This article will go through an SSO Authentication with Windows Native Authentication (WNA) and kerberos Articles Related Prerequisites Weblogic is on a Unix machines Architecture StepsKerberos Ke "...

Share this page: