→Client Authentication
* The client system transmits a cleartext message to the ''Authentication Server'' (AS) requesting services for the user. Note that neither the ''secret key'' nor the password is sent to the Authentication Server.
* The Authentication Server checks whether the client exists in its database. If it does, the server sends back two messages: a client/Ticket Granting Server (TGS) session key encrypted using the secret key of the user, and a Ticket-Granting Ticket (TGT), which includes the client ID, client network address, ticket validity period, and the client/TGS session key, encrypted using the secret key of the TGS.
* The client decrypts the client/TGS session key for use in further communications with the TGS. The client cannot, however, decrypt the TGT, which was encrypted using the TGS's secret key.
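
The three steps above can be traced in a short simulation. This is an added example, not code from the original page or from any Kerberos implementation. The principal name, addresses, password, and the toy HMAC-based cipher are constructed stand-ins for real Kerberos encryption types.

```python
import hashlib, hmac, json, os, time

def user_key(password: str, principal: str) -> bytes:
    # Stand-in string-to-key: the secret key is derived locally from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Toy encrypt-then-MAC construction for illustration, NOT a Kerberos enctype.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, b"enc" + nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, b"enc" + nonce, len(ct))))

# Constructed AS state: one known client and the TGS's secret key.
TGS_KEY = os.urandom(32)
AS_DB = {"alice@EXAMPLE.TEST": user_key("correct horse", "alice@EXAMPLE.TEST")}

def as_exchange(client_id: str, client_addr: str, lifetime: int = 3600):
    """Handle the cleartext request; return (message A, TGT) or None if unknown."""
    if client_id not in AS_DB:
        return None
    session_key = os.urandom(32)
    tgt = {"client": client_id, "addr": client_addr,
           "valid_until": int(time.time()) + lifetime, "session_key": session_key.hex()}
    msg_a = seal(AS_DB[client_id], session_key)      # under the user's secret key
    msg_b = seal(TGS_KEY, json.dumps(tgt).encode())  # TGT, under the TGS's secret key
    return msg_a, msg_b

def client_login(client_id: str, password: str, addr: str = "192.0.2.10"):
    reply = as_exchange(client_id, addr)             # request carries no key or password
    if reply is None:
        raise LookupError("unknown client")
    msg_a, tgt = reply
    session_key = unseal(user_key(password, client_id), msg_a)
    return session_key, tgt                          # the TGT stays opaque to the client
```

A wrong password fails at `unseal` on the client side, since the Authentication Server never sees the password and replies the same way to any request for a known client.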