Key Distribution Center
The Key Distribution Center (KDC) is implemented as a domain service.
KDC uses the Active Directory as its and the Global Catalog for directing referrals to KDCs in other domains. The encryption key used in communicating with a user, computer, or service is stored as an attribute of the account object of that security principal.
Both Active Directory and KDC run as part of the LSA's process on a domain controller.
The KDC is a single process that provides two services: the Authentication Service and the Ticket-Granting Service.
krbtgt
Created automatically when a new domain is created.
A random password value is assigned to the account automatically by the system during the creation of the domain.
The password for the KDC's account is used to derive a cryptographic key for encrypting and decrypting the TGTs that it issues.
This service issues ticket-granting tickets (TGTs).
When clients want access to a computer, they contact the ticket-granting service in the target computer's domain, present a TGT, and ask for a ticket to the computer.
Both Active Directory and KDC services are started automatically by the domain controller's Local Security Authority (LSA) and run as part of the LSA's process.
The name used by the KDC in any domain.
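Because the krbtgt password is set once at domain creation and every TGT is protected by the key derived from it, a useful check is whether that password is still the original one. The following is an added example, not part of the original page: it reads a constructed LDIF-style export of the krbtgt account and compares the real AD attributes pwdLastSet and whenCreated. The sample values, the function names and the 180-day threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample export of the krbtgt account object (not real data).
SAMPLE_LDIF = """\
dn: CN=krbtgt,CN=Users,DC=example,DC=test
sAMAccountName: krbtgt
whenCreated: 20150312101530.0Z
pwdLastSet: 130706289310000000
"""

def parse_ldif_entry(text):
    """Return the attributes of a single-entry LDIF export as a dict."""
    attrs = {}
    for line in text.splitlines():
        if ": " in line and not line.startswith("#"):
            name, value = line.split(": ", 1)
            attrs[name.strip()] = value.strip()
    return attrs

def filetime_to_datetime(ticks):
    """Convert FILETIME ticks to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)

def audit_krbtgt(ldif_text, now, max_age_days=180):
    """Report the age of the krbtgt password and whether it was ever changed.

    max_age_days is a hypothetical policy threshold, not a value from the page.
    """
    attrs = parse_ldif_entry(ldif_text)
    if attrs.get("sAMAccountName", "").lower() != "krbtgt":
        raise ValueError("entry is not the krbtgt account")
    created = datetime.strptime(attrs["whenCreated"], "%Y%m%d%H%M%S.0Z")
    created = created.replace(tzinfo=timezone.utc)
    last_set = filetime_to_datetime(attrs["pwdLastSet"])
    age_days = (now - last_set).days
    return {
        "password_last_set": last_set,
        "age_days": age_days,
        # Set within a day of account creation: still the domain-creation password.
        "original_password": abs(last_set - created) < timedelta(days=1),
        "stale": age_days > max_age_days,
    }

if __name__ == "__main__":
    print(audit_krbtgt(SAMPLE_LDIF, datetime.now(timezone.utc)))
```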