Topics: |
The KDC responds to an authentication service request of a client by returning a service ticket for itself. This special service ticket is called a ticket-granting ticket (TGT). A TGT enables the authentication service to safely transport the credentials of the requester to the ticket-granting service. It is meant only for use by the ticket-granting service.
The following list describes the main uses of a TGT:
An initial ticket from the authentication service of the user.
Used to request service tickets.
A Ticket Granting Ticket is similar to going through airport security, where you are validated that you are who you say you are. You can enter the secured area, but you will need something more to get on an actual flight.
A service ticket enables the ticket-granting service (TGS) to safely transport the credentials of the requester to the target server or service. A service ticket is used to authenticate with services other than the TGS and is meant only for the target service.
A service ticket is what gets the credentials the client is providing to the target, in an encrypted format. The service ticket is a ticket to a particular computer or program.
A Ticket Granting Ticket is the very first thing needed, if this fails, nothing else happens. Once a client has a TGT, then a service ticket for a particular service can be requested and issued.