Kerberos - Key Distribution Center (KDC)

About

The Key Distribution Center (KDC) is a machine that issues Kerberos tickets.

The KDC is the service responsible for authenticating users when Kerberos is used. It should only be running on a domain controller, where its service name is “Kerberos Key Distribution Center”.

Components

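The KDC implements two server components:

  • Authentication Server (AS): verifies the identity of the principal and issues the Ticket Granting Ticket (TGT) to the principal upon successful authentication
  • Ticket Granting Server (TGS): issues a service ticket when a principal requests connection to a Kerberos service
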
Management

List

klist.exe query_bind
Current LogonId is 0:0x7f51cb6
The kerberos KDC binding cache has been queried successfully.

KDC binding cache entries: (1)

#0>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.174.5
        KDC Name: hostname.domainName.local
        Flags: 0
        DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
        Cache Flags: 0
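
An added example (not part of the original page): a Python check that parses `klist query_bind` output in the format shown above and reports bindings whose KDC address is outside a known domain controller list or whose DC Flags lack the KDC bit. The allowlist, cache entry #1 and the function names are constructed for illustration; `0x20` is the `DS_KDC_FLAG` value from the Windows `DsGetDcName` API.

```python
import re

DS_KDC_FLAG = 0x20  # DsGetDcName flag bit: host runs the Kerberos KDC service
KNOWN_DCS = {"10.10.174.5"}  # assumption: addresses of your real domain controllers

# Constructed sample: entry #0 repeats the output above, entry #1 is invented.
SAMPLE = """\
KDC binding cache entries: (2)

#0>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.174.5
        KDC Name: hostname.domainName.local
        Flags: 0
        DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
        Cache Flags: 0

#1>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 192.0.2.77
        KDC Name: unknown-host.example.test
        Flags: 0
        DC Flags: 0x2000 -> WS
        Cache Flags: 0
"""

FIELD = re.compile(r"^\s*(?:#\d+>\s*)?([A-Za-z ]+?):\s*(.*)$")

def parse_bindings(text):
    """Return one dict per '#N>' cache entry, keyed by field name."""
    entries, cur = [], None
    for line in text.splitlines():
        if re.match(r"#\d+>", line):  # start of a new cache entry
            cur = {}
            entries.append(cur)
        m = FIELD.match(line)
        if cur is not None and m:  # header lines before entry #0 are skipped
            cur[m.group(1)] = m.group(2).strip()
    return entries

def audit(entries, known_dcs):
    """Return (address, reason) for every binding that needs a closer look."""
    findings = []
    for e in entries:
        addr = e.get("KDC Address", "")
        flags = int((e.get("DC Flags") or "0x0").split()[0], 16)
        if addr not in known_dcs:
            findings.append((addr, "KDC address is not a known domain controller"))
        if not flags & DS_KDC_FLAG:
            findings.append((addr, "DC Flags lack the KDC bit"))
    return findings
```

Call `audit(parse_bindings(text), known_dcs)` with the captured `klist query_bind` text from the host under review and the domain controller addresses from your own inventory.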

Add

Windows

ksetup /addkdc  RealmName  hostname.domainName.local
  • klist add_bind doesn't work …
klist.exe add_bind  RealmName  hostname.domainName.local
Current LogonId is 0:0x7f51cb6
Error calling DsGetDCName: 0x5

klist failed with 0x5/5: Access is denied.
