34,333
edits
Changes
→Client Authentication
* The Authentication Server checks to see if the client exists in its database. If it exists, it sends back the two messages, Client/Ticket Granting Server (TGS) session key encrypted using the secret key of the user and a Ticket-Granting Ticket (which includes the client ID, client network address, ticket validity period, and the client/TGS session key) encrypted using the secret key of the TGS.
* The client devrypts decrypts the TGS session key for use in further communications with TGS. The client cannot, however, decrypt the TGT message which was encrypted using TGS's secret key.
=== Client Service Authorization ===
