What is a Ticket Granting Server (TGS)?
A Ticket Granting Server (TGS) is a logical component of the Key Distribution Center (KDC) that the Kerberos protocol uses as a trusted third party. A TGS validates the use of a ticket for a specific purpose, e.g. access to a network service.
Kerberos uses the following TGS sub-protocols:
A client requests credentials from the Kerberos server by sending a cleartext request for an authentication ticket, also called a ticket-granting ticket (TGT). The response, encrypted with the client's secret key, is then transmitted to the client. The TGT is later used with a TGS.
A client requests credentials from the TGS. The client uses the TGT to authenticate itself to the TGS. The reply is then encrypted with the session key and transmitted to the client.
Client applications use validated TGS tickets on the corresponding servers. A new service ticket is obtained by providing the target service name, the initial ticket, and an authenticator to the TGS. The TGS compares the data to create a new service ticket and generates a random session key. Finally, this data is encrypted and returned to the client as a new service credential.
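The two exchanges described above, written out as an added Python example that is not part of the original page. It is a simulation only: the principals `alice` and `http/web01`, the 300-second freshness window, and the toy SHA-256/HMAC sealing (a stand-in for a real Kerberos encryption type) are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

# Constructed long-term keys known to the KDC (sample values, regenerated per run).
KEYS = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "http/web01": os.urandom(32)}
FRESH = 300  # assumed authenticator freshness window, in seconds

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Toy SHA-256 counter keystream; fine for the short messages used here.
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under key (toy stand-in, not a Kerberos etype)."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + _mac(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, nonce + ct)):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor(key, nonce, ct))

def as_exchange(client):
    """First exchange: cleartext request in; TGT and reply sealed under the client's key out."""
    sk = os.urandom(32)
    tgt = seal(KEYS["krbtgt"], {"client": client, "key": sk.hex()})  # only the TGS can open this
    return tgt, seal(KEYS[client], {"key": sk.hex()})

def tgs_exchange(service, tgt, authenticator):
    """Second exchange: compare TGT and authenticator, then issue a service ticket."""
    t = unseal(KEYS["krbtgt"], tgt)
    sk = bytes.fromhex(t["key"])
    a = unseal(sk, authenticator)  # proves the sender holds the TGT's session key
    if a["client"] != t["client"] or abs(time.time() - a["ts"]) > FRESH:
        raise ValueError("authenticator does not match TGT or is stale")
    svc_key = os.urandom(32).hex()  # fresh random session key for client and service
    ticket = seal(KEYS[service], {"client": t["client"], "key": svc_key})
    return ticket, seal(sk, {"service": service, "key": svc_key})

def demo():
    tgt, enc = as_exchange("alice")
    sk = bytes.fromhex(unseal(KEYS["alice"], enc)["key"])
    ticket, reply = tgs_exchange("http/web01", tgt, seal(sk, {"client": "alice", "ts": time.time()}))
    shared = unseal(sk, reply)["key"] == unseal(KEYS["http/web01"], ticket)["key"]
    return shared, unseal(KEYS["http/web01"], ticket)["client"]
```

The client never sees the contents of the TGT or the service ticket; it only learns each session key from the reply sealed for it, while the service learns the same key by opening the ticket with its own long-term key.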