Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 1.12. I see the acronyms TGT and TGS used a lot. What do they mean?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Business Photos and Profiles ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.11. What is ASN.1?
Next Document: 1.13. What is the export status of Kerberos?
See reader questions & answers on this topic! - Help others by sharing your knowledge
TGT is the acronym for a "Ticket Granting Ticket".

TGS is the acronym for the "Ticket Granting Service".

While it may seen that the two acronyms are used interchangeably, they refer
to two very different things. The Ticket Granting Ticket is a Kerberos
ticket for the Ticket Granting Service. Both play a special role in
Kerberos.

When a user first authenticates to Kerberos, he talks to the Authentication
Service on the KDC to get a Ticket Granting Ticket. This ticket is encrypted
with the user's password.

When the user wants to talk to a Kerberized service, he uses the Ticket
Granting Ticket to talk to the Ticket Granting Service (which also runs on
the KDC). The Ticket Granting Service verifies the user's identity using the
Ticket Granting Ticket and issues a ticket for the desired service.

The reason the Ticket Granting Ticket exists is so a user doesn't have to
enter in their password every time they wish to connect to a Kerberized
service or keep a copy of their password around. If the Ticket Granting
Ticket is compromised, an attacker can only masquerade as a user until the
ticket expires.

The documentation in Question 1.4 explains all of this in further detail.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.11. What is ASN.1?
Next Document: 1.13. What is the export status of Kerberos?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM