Kerberos Components and Cryptographic Keys

C.

The Key Distribution Center (KDC) holds all users' and services' cryptographic keys.

It provides authentication services, as well as key distribution functionality.

The Authentication Service is the part of the KDC that authenticates a principal.

The Key Distribution Service and Key Granting Service are distracters and are not defined Kerberos components.

Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3)

The correct answer is C. The Key Distribution Center (KDC) holds all users' and services' cryptographic keys in a Kerberos authentication system.

Kerberos is a network authentication protocol that provides a secure way to authenticate clients and servers over an insecure network. Kerberos is based on a client-server model and uses symmetric-key cryptography to secure communication between nodes.

The Kerberos protocol uses three components: the client, the server, and the Key Distribution Center (KDC). The KDC is the central component of the Kerberos protocol and is responsible for the secure distribution of secret keys to clients and servers.

The KDC has two sub-components: the Authentication Service (AS) and the Ticket Granting Service (TGS). The AS is responsible for authenticating clients, while the TGS is responsible for issuing tickets for access to services.

The KDC holds a database of all users and services in the Kerberos realm and their corresponding cryptographic keys. When a user or service requests authentication, the KDC retrieves the appropriate key from its database and uses it to generate a ticket that is sent back to the client or service.

Therefore, the correct answer is C, the Key Distribution Center. The other answer options, Key Distribution Service and Key Granting Service, are not standard components of the Kerberos protocol. The Authentication Service, while part of the KDC, is responsible for authentication, not key distribution.