A key distribution center (KDC) is a component in an access control system responsible for servicing user requests to access resources by supplying access tickets and session keys. The KDC uses cryptographic techniques to authenticate requesting users, look up their permissions, and grant them a ticket permitting access. The user can then present the ticket to the target resource/system, which verifies it and grants the user access.
Security systems using KDCs include Kerberos.
Implementations of a KDC may differ from system to system. For example, Kerberos partitions KDC functionality between two different agents: the Authentication Server (AS) and the Ticket Granting Service (TGS). The AS issues ticket-granting tickets (TGTs) following successful authentication of the user. Using the ticket-granting ticket, the user can access the TGS and request a ticket to access a specific resource/system. The TGS issues tickets for connection to resources in its own domain, based on a valid ticket-granting ticket presented by the user.
See also Internet Key Exchange.
KDCs generally provide authentication, authorization and ticket-granting services.
Kerberos is a client-server authentication protocol that enables mutual authentication – both the user and the server verify each other’s identity – over non-secure network connections.
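The AS and TGS exchange described above, as an added Python sketch that is not Kerberos code and not from the original page: the AS issues a TGT, the TGS validates it and the user's permissions before issuing a service ticket, and the target resource accepts the ticket only if it unseals under its own key. The principal names, keys, ACL table and the toy SHA-256 keystream inside seal() are assumptions for illustration; real Kerberos uses its own encryption types and also requires client authenticators, which are omitted here.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); stands in for Kerberos' real ciphers.
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, obj):
    # Encrypt-then-MAC so only the key holder can read or alter a ticket.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ticket failed integrity check")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt)

# Constructed long-term keys held by the KDC (user, TGS and service names are made up).
KEYS = {n: os.urandom(32) for n in ("alice", "krbtgt", "fileserver")}
ACL = {"alice": {"fileserver"}}   # hypothetical permissions the KDC looks up

def as_request(user, lifetime=300):
    # AS: returns (session key sealed for the user, TGT sealed for the TGS).
    sk = os.urandom(32).hex()
    tgt = seal(KEYS["krbtgt"], {"user": user, "sk": sk, "exp": time.time() + lifetime})
    return seal(KEYS[user], {"sk": sk}), tgt

def tgs_request(tgt, service, lifetime=300):
    # TGS: validates the TGT, checks permissions, issues a service ticket.
    t = unseal(KEYS["krbtgt"], tgt)
    if t["exp"] < time.time():
        raise PermissionError("TGT expired")
    if service not in ACL.get(t["user"], ()):
        raise PermissionError("not authorized")
    sk = os.urandom(32).hex()
    ticket = seal(KEYS[service], {"user": t["user"], "sk": sk, "exp": time.time() + lifetime})
    return seal(bytes.fromhex(t["sk"]), {"sk": sk}), ticket

def service_accept(service_key, ticket):
    # Target resource: trusts the ticket only because it unseals under its own key.
    t = unseal(service_key, ticket)
    if t["exp"] < time.time():
        raise PermissionError("ticket expired")
    return t["user"], t["sk"]
```

The user never sees inside either ticket: each is sealed under a key shared only between the KDC and the party that will verify it, which is why the resource can trust a ticket handed over by the user.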