a security protocol designed for authenticating trusted hosts even through untrusted networks.
three main elements
the main workflow to grant access to a service for a client from the server is:
- client requests an authentication ticket or Ticket-Granting-Ticket (TGT) with its credentials
- the authentication service checks the credentials
- the ticket it issues is encrypted using the key of the Ticket Granting Service (TGS)
- the client uses the TGT to ask the TGS (usually also the KDC) for access to a particular service
- the TGS sends back a session key for the requested service
- The client uses the session key with the service
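
The ticket exchange listed above, as an added example that is not part of the original notes: a toy model with both sides' messages. The cipher is a SHA-256/HMAC stand-in for real encryption, timestamps and ticket lifetimes are omitted, and every name (`alice`, `files`, `EXAMPLE.TEST`, the function names) is an assumption.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    # SHA-256 in counter mode: toy keystream, a stand-in for the protocol's real cipher
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under `key`."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Verify the MAC, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def pw_key(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.TEST", 10_000)

# Constructed long-term keys stored at the KDC (all names are made up)
KDC = {"alice": pw_key("correct horse"), "tgs": os.urandom(32), "files": os.urandom(32)}

def as_request(user, preauth):
    """Authentication service: check the credentials, return a TGT sealed under the TGS key."""
    unseal(KDC[user], preauth)  # fails unless the client holds the user's key
    sk = os.urandom(32).hex()
    return seal(KDC["tgs"], {"client": user, "sk": sk}), seal(KDC[user], {"sk": sk})

def tgs_request(tgt, auth, service):
    """TGS: open the TGT, check the authenticator, issue a service ticket and session key."""
    t = unseal(KDC["tgs"], tgt)
    tgs_sk = bytes.fromhex(t["sk"])
    if unseal(tgs_sk, auth)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    sk = os.urandom(32).hex()
    return seal(KDC[service], {"client": t["client"], "sk": sk}), seal(tgs_sk, {"sk": sk})

def service_accept(service_key, ticket, auth):
    """Service: needs only its own key and never contacts the KDC."""
    t = unseal(service_key, ticket)
    return t["client"] if unseal(bytes.fromhex(t["sk"]), auth)["client"] == t["client"] else None

def login_and_access(user, password, service):
    """Client side of the whole exchange; returns the identity the service accepted."""
    ck = pw_key(password)
    tgt, reply = as_request(user, seal(ck, {"client": user}))
    tgs_sk = bytes.fromhex(unseal(ck, reply)["sk"])
    ticket, reply = tgs_request(tgt, seal(tgs_sk, {"client": user}), service)
    svc_sk = bytes.fromhex(unseal(tgs_sk, reply)["sk"])
    return service_accept(KDC[service], ticket, seal(svc_sk, {"client": user}))
```

The client carries the TGT but cannot open or alter it, because only the TGS holds the key it is sealed under.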