Set up Kerberos Version 5 KDC to use AES encryption

Learn how to set up a Key Distribution Center (KDC) to use Advanced Encryption Standard (AES) encryption to secure tickets. Developers use KDC in systems to control the permission for users to access certain services. The KDC uses tickets as a means to flag permission for accessing a particular service, or for authenticating users and providers of services.

You can use Kerberos to verify the identities of users and principals over networks. There are two types of tickets to use in this process: a ticket granting ticket and a service ticket. A ticket granting ticket authenticates you to request service tickets. A server provides requests for service tickets to access an actual service. The Key Distribution Center (KDC) is used as a trusted third party that issues these tickets.

The tickets are encrypted so that only principals with valid private keys, or the KDC with the entire Kerberos database of principal names, their private keys, and their expiration, can decrypt them.