Kerberos - Key Distribution Center (KDC)
About
The Key Distribution Center (KDC) is the machine that issues Kerberos tickets.
The KDC is a service that should run only on a domain controller. The service name is “Kerberos Key Distribution Center”. The KDC is the service responsible for authenticating users when Kerberos is used.
Components
The KDC implements two server components:
- the Authentication Server (AS), which issues Ticket Granting Tickets (TGT),
- and the Ticket Granting Server (TGS), which issues service tickets.
Management
List
- klist from Windows
klist.exe query_bind
Current LogonId is 0:0x7f51cb6
The kerberos KDC binding cache has been queried successfully.
KDC binding cache entries: (1)
#0> RealmName: DOMAIN_NAME.LOCAL
KDC Address: 10.10.174.5
KDC Name: hostname.domainName.local
Flags: 0
DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
Cache Flags: 0
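An added example, not part of the original page: a Python parser for the klist.exe query_bind output above that decodes the DC Flags value with the DsGetDcName bit definitions from the Windows SDK header dsgetdc.h and reports bindings to a server outside an expected set. The function names and the expected-address allowlist are assumptions made for illustration.

```python
import re

# DsGetDcName reply-flag bits as defined in the Windows SDK header dsgetdc.h.
DC_FLAGS = {
    0x1: "DS_PDC_FLAG", 0x4: "DS_GC_FLAG", 0x8: "DS_LDAP_FLAG", 0x10: "DS_DS_FLAG",
    0x20: "DS_KDC_FLAG", 0x40: "DS_TIMESERV_FLAG", 0x80: "DS_CLOSEST_FLAG",
    0x100: "DS_WRITABLE_FLAG", 0x200: "DS_GOOD_TIMESERV_FLAG", 0x400: "DS_NDNC_FLAG",
    0x800: "DS_SELECT_SECRET_DOMAIN_6_FLAG", 0x1000: "DS_FULL_SECRET_DOMAIN_6_FLAG",
    0x2000: "DS_WS_FLAG", 0x4000: "DS_DS_8_FLAG", 0x8000: "DS_DS_9_FLAG", 0x10000: "DS_DS_10_FLAG",
    0x20000: "DS_KEY_LIST_FLAG", 0x20000000: "DS_DNS_CONTROLLER_FLAG",
    0x40000000: "DS_DNS_DOMAIN_FLAG", 0x80000000: "DS_DNS_FOREST_FLAG",
}

# Sample input: this page's klist.exe query_bind output, abridged.
SAMPLE = """Current LogonId is 0:0x7f51cb6
KDC binding cache entries: (1)
#0> RealmName: DOMAIN_NAME.LOCAL
KDC Address: 10.10.174.5
KDC Name: hostname.domainName.local
DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
"""

def parse_bindings(text):
    """Return one dict per '#N>' entry of the KDC binding cache listing."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        start = re.match(r"#\d+>\s*(.*)", line)
        if start:                      # '#0>' opens a new cache entry
            entries.append({})
            line = start.group(1)
        if entries and ":" in line:    # preamble lines before '#0>' are skipped
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def decode_dc_flags(raw):  # raw: 'DC Flags' field, hex value first
    value = int(raw.split()[0], 16)
    return [name for bit, name in sorted(DC_FLAGS.items()) if value & bit]

def audit_bindings(text, expected_kdcs):
    """Return (realm, address, problem) for every binding that looks wrong."""
    findings = []
    for entry in parse_bindings(text):
        realm, addr = entry.get("RealmName"), entry.get("KDC Address")
        if addr not in expected_kdcs:  # expected_kdcs: hypothetical allowlist
            findings.append((realm, addr, "KDC address not in expected set"))
        if "DS_KDC_FLAG" not in decode_dc_flags(entry.get("DC Flags", "0x0")):
            findings.append((realm, addr, "server does not advertise KDC role"))
    return findings
```

Decoding the sample value 0xe000f1fc also shows bit 0x8000 (DS_DS_9_FLAG) set, which the textual flag list printed by klist on this page does not name.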
Add
Windows
ksetup /addkdc RealmName hostname.domainName.local
- klist add_bind doesn't work …
klist.exe add_bind RealmName hostname.domainName.local
Current LogonId is 0:0x7f51cb6
Error calling DsGetDCName: 0x5
klist failed with 0x5/5: Access is denied.