- Kerberos - user enters credentials and obtains a TGT
- timestamp that makes it valid for 8 hours
- Kerberos client sends the TGT to the TGS which creates a second ticket.
- His ticket is used by the user to authenticate to the network resource
Kerberos - users sends authentication information to Authentication Service (AS)
AS creates a ticket granting ticket (TGT). which is encrypted with the user's secret key.
The TGT is used to communicate to THE ticket granting service (TGS)
TGS creates a ticket that contains two instances of the same session key that is encrypted with the individual principal's secret keys.
It is the second ticket that allows the 2 principals to obtain their session keys