Getting a Host Ticket

• The TGS decrypts the TGT using it’s secret key. This provides it with the client’s identity and the session key (KS1).

• The TGS uses the session key to decrypt the Authenticator and uses the information in it to verify the request.

• The TGS generates a new session key (KS2) to be shared by the client and the target service.

• The TGS generates a ticket for the target service (Tktservice), incorporating into it a copy of the new session key KS2.

Previous slide

Next slide

Back to first slide

View graphic version