KDC - Key Distribution Center

By: Diane Shired, CTM

Meaning of KDC - "Key Distribution Center”, is a domain service that uses a directory to hold its account database and global catalog for referral to KDC’s in other domains. KDC is used for security purposes and is part of a secret code system that reduces the risks in exchanging Keys (encrypted information that control operation of an algorithm). An algorithm is a step-by-step procedure for solving a problem or accomplishing some end especially by a computer. KDC uses Kerberos (a network authentication protocol) which is a secure method for authenticating a request for a service in a computer network.

A KDC operation includes request from users to use a particular computer network service, then encrypted techniques are use to authenticate the requestor as themselves. It also check to see if the user has the right to access the service requested. If the authentication is successful KDC issues a ticket (permission) based on a server Key to allow access.

KDC must be trusted however; a KDC can become a single point of failure. What is meant by that is there is no such thing as a perfectly reliable system. A typical reliable system design failure rates include 99.999% availability and 99.9999% availability.

Other Related Definitions:

"Key Distribution Center, a network service that supplies tickets and temporary session keys; or an instance of that service or the host on which it runs. The KDC services both initial ticket and ticket-granting ticket requests. The initial ticket portion is sometimes referred to as the Authentication Server (or service). The ticket-granting ticket portion is sometimes referred to as the ticket-granting server (or service). " [. Network Security - Access Code, November 15, 2005 ]

"The Key Distribution Center (KDC) is implemented as a domain service. It uses the Active Directory as its account database and the Global Catalog for directing referrals to KDCs in other domains. As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services: Authentication Service (AS) and Ticket-Granting Service (TGS)" [Microsoft MSDN]

Related Links:

Network Computing - KerbNet Takes A Bite Out Of Hackers
Microsoft - Disabled Kerberos Key Distribution Prevents Exchange Services from Starting
Informit - Kerberos Security in Windows XP
Network Computing - Keeping The Goods Under Lock and Key
Contents - Secret Key Distribution

(C) Copyright Birds-Eye.Net, All rights reserved.
It is against the law to reproduce this content or any portion of it in any form without the explicit written permission of Birds-Eye Network Services, LLC. Federal copyright law (17 USC 504) makes it illegal, punishable with fines up to $100,000 per violation plus attorney's fees.