Kerberos - Key Distribution Center (KDC)

1 - About

KDC stands for Key Distribution Center: a machine that issues Kerberos tickets.

The KDC is a service that should only run on a domain controller. Its service name is “Kerberos Key Distribution Center”. The KDC is the service responsible for authenticating users when Kerberos is used.

3 - Components

The KDC implements two server components:

4 - Management

4.1 - List

klist.exe query_bind
Current LogonId is 0:0x7f51cb6
The kerberos KDC binding cache has been queried successfully.

KDC binding cache entries: (1)

#0>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.174.5
        KDC Name: hostname.domainName.local
        Flags: 0
        DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE FULL_SECRET WS DS_8 PING DNS_DC DNS_DOMAIN DNS_FOREST
        Cache Flags: 0
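
Since the KDC should only run on a domain controller, the binding cache shown above can be audited: the following added example (not part of the original page) parses `klist query_bind` output and reports bindings whose address is not an expected domain controller or whose DC Flags lack the KDC bit. The allowlist `expected_kdcs`, the second cache entry and the function names are assumptions made for the illustration; `DS_KDC_FLAG = 0x20` is the value defined in dsgetdc.h.

```python
import re

DS_KDC_FLAG = 0x20  # KDC role bit of the DsGetDcName flags (dsgetdc.h)

# Entry #0 is the page's output; entry #1 is constructed for this example.
SAMPLE = """\
KDC binding cache entries: (2)

#0>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.174.5
        KDC Name: hostname.domainName.local
        Flags: 0
        DC Flags: 0xe000f1fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE
        Cache Flags: 0

#1>     RealmName: DOMAIN_NAME.LOCAL
        KDC Address: 10.10.99.23
        KDC Name: other.domainName.local
        Flags: 0
        DC Flags: 0x0
        Cache Flags: 0
"""

def parse_bindings(text):
    """Return one dict per '#N>' entry of `klist query_bind` output."""
    entries, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(#\d+>)?\s*([A-Za-z ]+?):\s*(.*?)\s*$", line)
        if m and m.group(1):          # '#N>' starts a new cache entry
            cur = {}
            entries.append(cur)
        if m and cur is not None:     # ignore header lines before entry #0
            cur[m.group(2)] = m.group(3)
    return entries

def audit(text, expected_kdcs):
    """Return (realm, address, problem) tuples for bindings to review."""
    findings = []
    for e in parse_bindings(text):
        realm, addr = e.get("RealmName", "?"), e.get("KDC Address", "?")
        flags = int((e.get("DC Flags") or "0").split()[0], 16)
        if addr not in expected_kdcs.get(realm, set()):
            findings.append((realm, addr, "KDC address not in expected DC list"))
        if not flags & DS_KDC_FLAG:
            findings.append((realm, addr, "host does not advertise the KDC role"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"DOMAIN_NAME.LOCAL": {"10.10.174.5"}}))
```
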

4.2 - Add

4.2.1 - Windows

ksetup /addkdc  RealmName  hostname.domainName.local
  • klist add_bind doesn't work …
klist.exe add_bind  RealmName  hostname.domainName.local
Current LogonId is 0:0x7f51cb6
Error calling DsGetDCName: 0x5

klist failed with 0x5/5: Access is denied.

5 - Documentation / Reference

security/kerberos/kdc.txt · Last modified: 2018/07/26 14:47 by gerardnico