Which protocol uses a Key Distribution Center to manage authentication and authorization functions?

Kerberos uses a Key Distribution Center as a trusted central authority to manage authentication and authorization. In Kerberos, the KDC stores secret keys for users and services. When a user logs in, the Authentication Service verifies credentials and issues a ticket-granting ticket. The user then requests access to specific services from the Ticket Granting Service, which issues a service ticket. The user presents this service ticket to the target service, and the service accepts it if valid. This setup enables single sign-on and requires passwords or credentials to be used only once, with tickets that are time-limited to reduce risk. The KDC’s role as the central issuer and validator of tickets is what ties authentication and authorization together in Kerberos. Other options don’t rely on a KDC for issuing and validating tickets: Diameter is a signaling AAA protocol with separate servers, LDAP is a directory service with its own authentication methods, and EAP is an authentication framework used for network access rather than a KDC-based ticketing system.