Architectural Question ...

Tony Cowan bollocks at
Wed Feb 5 20:52:56 EST 2003

Sorry if this is a bit newbie ..

This is my hypothetical scenario:

I have a client process that authenticates to the KDC.
I get a TGT as part of that transaction I think.
I go back to the TGS with my TGT and get a ticket to access some service.
Now that service ticket should be encrypted with a key that the service 
for which it was issued also possesses.
So does the service need to contact a KDC to validate the ticket when it 
receives my call?
If so, why? Doesn't it possess the key required to decript the token in 
the ticket?

Thanks in advance.


More information about the Kerberos mailing list