Export (0) Print
Expand All Authentication to Services

When the initial authentication is complete and the TGT is obtained, the user typically wants to use a network resource. For a Kerberos-aware application, the Kerberos client initiates a TGS exchange requesting a service ticket to the named service, for example, "host/hostname.domain.name".

The Kerberos client then initiates an AP exchange which MAY be encoded in a GSS–API style wrapper, if the Kerberos-aware application requests it.

KILE provides no support for direct access to the Kerberos KRB_SAFE or KRB_PRIV messages.

The client application then takes the AP message and supplies it, in band with the application protocol, to the server. The Kerberos server processes the message as specified in [RFC4120] and completes the connection. The AP exchange is covered further in section 3.4.

© 2015 Microsoft