126.96.36.199 Authentication to Services
When the initial authentication is complete and the TGT is obtained, the user typically wants to use a network resource. For a Kerberos-aware application, the Kerberos client initiates a TGS exchange requesting a service ticket to the named service, for example, "host/hostname.domain.name".
The client application then takes the AP message and supplies it, in band with the application protocol, to the server. The Kerberos server processes the message as specified in [RFC4120] and completes the connection. The AP exchange is covered further in section 3.4.