Not to beat a dead horse, but yes. That’s actually a pretty good description of 
what happens.

Good luck.

> On Oct 4, 2018, at 9:11 AM, Ken Hornstein <k...@cmf.nrl.navy.mil> wrote:
> 
>> Since the service ticket contains the session key encrypted with the
>> service key, and the service knows its key via the keytab file, the
>> service is able to decrypt the ticket, get the session key, decrypt the
>> remaining part of the authenticator, and compare the identity encrypted
>> with the session key with the identity embedded in the ticket service,
>> enabling it to authenticate the client.
>> 
>> All of this without the service contacting the KDC. That is the most
>> important point.
>> 
>> Am I right ?
> 
> Yes.
> 
> --Ken

Personal email.  hbh...@oxy.edu



Reply via email to