...

To use the KDC in Identity Server, you need to use the embedded LDAP that ships with WSO2 Identity Server. The KDC server is therefore disabled by default. To enable it, go to the Identity Server home directory and navigate to the <PRODUCT_HOME>/repository/conf/identity folder. There you will find a file named embedded-ldap.xml. Open embedded-ldap.xml and find the <KDCServer/> XML tag. The element to configure is the one named enabled; set its value to true. After the change, the XML configuration should look like this:

...

The KDC server issues tickets to access a particular service. Thus, each type of service is associated with a particular service name. In Kerberos, this service name is called the “Service Principal Name” (SPN). Before we assign an SPN to a service, we need to define the SPN in the KDC.

...