Defining Key Distribution Centers (KDCs) - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

The KDC is a network service that supplies Kerberos tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each Active Directory domain controller. Address Manager supports multiple KDCs for GSS-TSIG configuration.

If you are running multiple domain servers and wish to use the GSS-TSIG protocol for secure DDNS updates, you must define a KDC in each Kerberos realm that you have created for each child domain.
Note: Modifying the list of KDCs in a Kerberos Realm and deploying DHCP requires a restart of DHCP service, resulting in a service outage.

To define a KDC:

  1. From the configuration drop-down menu, select a configuration.
  2. Select one of the following tabs: IP Space, DNS, Devices, TFTP, or Servers. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Select the Kerberos Realms tab. Under Kerberos Realms, click the name of a Kerberos realm.
  4. Click the KDCs tab and click New.
  5. Under General, set the name, host, and port:
    • Name—enter the name for the Kerberos Key Distribution Center (KDC).
    • Host—enter the IP address or hostname for the Kerberos Key Distribution Center (KDC).
      Note: If typing the hostname for the Host field, you must configure Address Manager with the IP address of a DNS server capable of resolving the hostname.
    • Port—enter the port for the Kerberos KDC. The default port number is 88.
  6. Under Change Control, add comments, if required.
  7. Click Add.