Brian Tung, “ASN.1: Wherefore Art Thou?”
———————————————————— Subject: 1.12. I see the acronyms TGT and TGS used a lot. What do they mean? TGT is the acronym for a “Ticket Granting Ticket”. TGS is the acronym for the “Ticket Granting Service”. While it may seen that the two acronyms are used interchangeably, they refer to two very different things. The Ticket Granting Ticket is a Kerberos ticket for the Ticket Granting Service. Both play a special role in Kerberos. When a user first authenticates to Kerberos, he talks to the Authentication Service on the KDC to get a Ticket Granting Ticket. This ticket is encrypted with the user’s password. When the user wants to talk to a Kerberized service, he uses the Ticket Granting Ticket to talk to the Ticket Granting Service (which also runs on the KDC). The Ticket Granting Service verifies the user’s identity using the Ticket Granting Ticket and issues a ticket for the desired service. The reason the Ticket Granting Ticket exists is so a user do