Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Key distribution center
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{No footnotes|date=October 2024}} In [[cryptography]], a '''key distribution center''' ('''KDC''') is part of a [[cryptosystem]] intended to reduce the risks inherent in exchanging [[key (cryptography)|key]]s. KDCs often operate in systems within which some users may have permission to use certain services at some times and not at others. ==Security overview== For instance, an administrator may have established a policy that only certain users may back up to tape. Many [[operating system]]s can control access to the tape facility via a "system [[Daemon (computer software)|service]]". If that system service further restricts the tape drive to operate only on behalf of users who can submit a service-granting ticket when they wish to use it, there remains only the task of distributing such tickets to the appropriately permitted users. If the ticket consists of (or includes) a key, one can then term the mechanism which distributes it a KDC. Usually, in such situations, the KDC itself also operates as a system service. ==Operation== A typical operation with a KDC involves a request from a user to use some service. The KDC will use cryptographic techniques, mostly using [[symmetric encryption]], to authenticate requesting users as themselves. It will also check whether an individual user has the right to access the service requested. If the authenticated user meets all prescribed conditions, the KDC can issue a ticket permitting access. In most (but not all) cases the KDC shares a [[key (cryptography)|key]] with each of all the other parties. The KDC produces a [[Ticket (IT security)|ticket]] based on a [[Server (computing)|server]] key. The [[client (computing)|client]] receives the ticket and submits it to the appropriate [[Server (computing)|server]]. The server can verify the submitted ticket and grant access to user submitting it. ==Examples== Security systems using KDCs include [[Kerberos (protocol)|Kerberos]]. (Actually, Kerberos partitions KDC functionality between two different agents: the AS (Authentication Server) and the TGS (Ticket Granting Service).) ==References== {{reflist}} ==External links== * [http://www.zeroshell.net/eng/kerberos/Kerberos-operation/ Kerberos Authentication Protocol] {{Webarchive|url=https://web.archive.org/web/20120317034215/http://www.zeroshell.net/eng/kerberos/Kerberos-operation/ |date=2012-03-17 }} * Microsoft: [https://technet.microsoft.com/en-us/library/cc734104%28v=ws.10%29.aspx Kerberos Key Distribution Center - TechNet] * Microsoft: [https://msdn.microsoft.com/en-us/library/windows/desktop/aa378170%28v=vs.85%29.aspx Key Distribution Center - MSDN] [[Category:Key management]] [[Category:Computer network security]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:No footnotes
(
edit
)
Template:Reflist
(
edit
)
Template:Webarchive
(
edit
)