title: 1.1.4 - KDC (Key Distribution Center) navPrev: 1.1.3-keys.html navPrevText: 1.1.3 - Keys navUp: 1.1-introduction.html navUpText: 1.1 - Introduction navNext: 1.1.5-database.html navNextText: 1.1.5 - Database

1.1.4 - KDC (Key Distribution Center)

The KDC contains three components :

an Authentication Service
a Ticket Granting Service
a database (ApacheDS)

The KDC role is to authenticate users and distribute tickets based on the information stored in its database.

The Apache Kerberos Server contains all these three components and hence is a KDC.

The KDC is associated with a Realm.

The following schema expose the way the KDC works :

In order to use a service, the client needs to get a ticket for this service from the KDC. This requires a two step process, where the client first authenticates himself, and then get back a ticket to use with the targeted server.

Though the Autehntication and Ticket Granting services look like running in separate servers, a signle Kerberos server implementation oftent contains both.