Overview#

Key Distribution Center is a Kerberos service provide supplies session tickets and temporary Session Keys

The Key Distribution Center contains three components :

• Authentication Service - authenticate users and Service Providers
• Ticket Granting Service - distribute tickets based on the information stored in its Kerberos Database
• Kerberos Database- Often a LDAP Server

A Key Distribution Center can be associated to only one Kerberos Realm.

Key Distribution Center and Microsoft Active Directory#

Kerberos Key Distribution Center (KDC) is a network service on all Domain Controllers as part of Active Directory Domain Services (AD LDS).

Key Distribution Center is located within the Local Security Authority Subsystem Service (LSASS).

Key Distribution Center supplies Session Tickets and temporary session keys to users and computers within an Microsoft Active Directory domain.

The Security Account Manager (SAM) database on the Windows Client is used to authenticate requests from the Key Distribution Center. The SAM database MUST be available for the Kerberos client authentication request to succeed.

More Information#

There might be more information for this subject on one of the following:

• AS Exchange
• DS_FLAG
• Group Managed Service Account
• How passwords are used in Windows
• KDC
• Kerberos
• Kerberos Authentication Service
• Kerberos Service Account
• Key Distribution Center
• Public Key Cryptography Based User-to-User
• TGS Session Key
• Ticket Granting Ticket
• Well-known Security Identifiers