Kerberos Key Distribution Center The Kerberos Key Distribution Center service enables users to log on to the network and be authenticated by the Kerberos version 5 (v5) authentication protocol. As in other implementations of the Kerberos protocol, the Kerberos Key Distribution Center (KDC) is a single process that provides two services: Authentication Service. This service issues ticket-granting tickets (TGTs) for connection to the ticket-granting service in its own domain or in any trusted domain. Before a client computer can request a ticket to another computer, it must request a TGT from the authentication service in its account domain. The authentication service returns a TGT for the ticket-granting service in the target computer's domain. The TGT can be reused until it expires, but first access to any domain's ticket-granting service always requires the client computer to contact the authentication service in its account domain. Ticket-granting service. This service issues tickets for connection to computers in its own domain. When a client computer wants to access another computer, it must request a TGT and ask for a ticket to the computer. The ticket can be reused until it expires, but first access to any computer always requires contact with the ticket-granting service in the target computer's account domain. If the Kerberos Key Distribution Center service stops, users will be unable to log on to the network and access resources.

[manual/disable/automatic]

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsSystem Services!Kerberos Key Distribution Center (2) REG: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetserviceskdc!Start