The KDC contains three components :
The KDC role is to authenticate users and distribute tickets based on the information stored in its database.
The Apache Kerberos Server contains all these three components and hence is a KDC.
The KDC is associated with a Realm.
The following schema expose the way the KDC works :
In order to use a service, the client needs to get a ticket for this service from the KDC. This requires a two step process, where the client first authenticates himself, and then get back a ticket to use with the targeted server.
Though the Autehntication and Ticket Granting services look like running in separate servers, a signle Kerberos server implementation oftent contains both.