Contact Us Today 01642 716680

Key Distribution Center

Definition: The Key Distribution Center (KDC) is a centralised server that plays an essential role in the Kerberos network authentication protocol. It is responsible for issuing authentication tokens and facilitating the secure exchange of symmetric encryption keys between users and services across a network.

The Key Distribution Center’s primary functions are divided into two main parts: the Authentication Service (AS), which verifies user identities and issues Ticket Granting Tickets (TGT), and the Ticket Granting Service (TGS), which issues service tickets based on the TGTs. The secure and reliable operation of the Key Distribution Center is fundamental to the Kerberos protocol’s ability to provide a trustworthy authentication mechanism.

To establish authenticated sessions, The Key Distribution Center shares a secret key with each user or service within the domain. These secret keys enable the secure communication needed for Kerberos’ authentication tickets to be considered valid and trusted by all parties. The security of the KDC is paramount, as a compromise of the Key Distribution Center would undermine the security of the entire network.

Key Characteristics:

  • Central Component of Kerberos: Critical for the operation of the Kerberos authentication protocol.
  • Two-Part Service: Comprises the Authentication Service and the Ticket Granting Service.
  • Secure Secret Key Management: Maintains and distributes secret keys while ensuring their confidentiality and integrity.
  • Authentication and Ticketing: Authenticates users and issues tickets that are hardware-independent.


  • Real-World Example: An employee logs into a company’s secure intranet, the KDC checks their credentials and if valid, provides a TGT which in turn can be used to access different services on the network without re-authenticating.
  • Hypothetical Scenario: A university uses a KDC to manage access to its network resources, including its library system and administrative records, ensuring that only authenticated students and staff can gain access to authorised resources.

Related Terms:

  • Kerberos: An authentication protocol which relies on the services of the KDC for issuing and managing authentication tickets.
  • Ticket Granting Ticket (TGT): A ticket issued by the KDC’s Authentication Service that enables users to request service tickets from the Ticket Granting Service.
  • Service Ticket: A ticket that allows a user to access a specific service within the network; it is issued by the TGS.

Learn better by watching a video? Here is a YouTube video explaining the concept. Don’t we all just love Alice and Bob examples.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.