Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.11. What is ASN.1? Next Document: 1.13. What is the export status of Kerberos? See reader questions & answers on this topic! - Help others by sharing your knowledge TGT is the acronym for a "Ticket Granting Ticket". TGS is the acronym for the "Ticket Granting Service". While it may seen that the two acronyms are used interchangeably, they refer to two very different things. The Ticket Granting Ticket is a Kerberos ticket for the Ticket Granting Service. Both play a special role in Kerberos. When a user first authenticates to Kerberos, he talks to the Authentication Service on the KDC to get a Ticket Granting Ticket. This ticket is encrypted with the user's password. When the user wants to talk to a Kerberized service, he uses the Ticket Granting Ticket to talk to the Ticket Granting Service (which also runs on the KDC). The Ticket Granting Service verifies the user's identity using the Ticket Granting Ticket and issues a ticket for the desired service. The reason the Ticket Granting Ticket exists is so a user doesn't have to enter in their password every time they wish to connect to a Kerberized service or keep a copy of their password around. If the Ticket Granting Ticket is compromised, an attacker can only masquerade as a user until the ticket expires. The documentation in Question 1.4 explains all of this in further detail. User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.11. What is ASN.1? Next Document: 1.13. What is the export status of Kerberos? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: