Architectural Question ...
Tony Cowan
bollocks at bollocks.com
Wed Feb 5 20:52:56 EST 2003
Sorry if this is a bit newbie ..
This is my hypothetical scenario:
I have a client process that authenticates to the KDC.
I get a TGT as part of that transaction I think.
I go back to the TGS with my TGT and get a ticket to access some service.
Now that service ticket should be encrypted with a key that the service
for which it was issued also possesses.
So does the service need to contact a KDC to validate the ticket when it
receives my call?
If so, why? Doesn't it possess the key required to decript the token in
the ticket?
Thanks in advance.
Tc.
More information about the Kerberos
mailing list