Kerberos with TGS

• Ticket Granting Service (TGS):

• A Kerberos authenticated service, that allows user to obtain tickets for other services
• Co-located at the KDC

• Ticket Granting Ticket (TGT):

• Ticket used to access the TGS and obtain service tickets

• Limited-lifetime session key: TGS sessionkey

• Shared by user and the TGS

• TGT and TGS session-key cached on Alice’s workstation