Client-Server Exchange

Overview [1]

Client-Server Exchange in Kerberos is the Authentication Method between the Kerberos Client and the Service Provider (often a Windows Server).

The client blindly passes the Service Provider portion of the Service Ticket, received in the TGS Exchange, to the Service Provider to establish a client/server session.

If Mutual Authentication is enabled, the target Service Provider returns a timestamp encrypted using the Service Ticket TGS Session Key. If the client can decrypt the timestamp correctly, not only has the client authenticated itself to the server, but the Service Provider has also authenticated to the client. The target Service Provider never has to directly communicate with the KDC in the Client-Server Exchange.
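
The exchange described above, as an added Python sketch that is not part of the original page or any Kerberos implementation. All function names, the message fields, the `MAX_SKEW` value and the toy `seal`/`unseal` cipher (a stand-in for a real Kerberos encryption type) are assumptions made for illustration.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # assumed acceptable clock skew in seconds

def seal(key, obj):
    """Toy authenticated encryption; a stand-in for a real Kerberos enctype."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

def kdc_issue(service_key, client):
    """Result of the earlier TGS Exchange: session key plus opaque ticket."""
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "key": session_key.hex()})
    return session_key, ticket

def client_request(session_key, ticket, client, now):
    """Client forwards the ticket unread and adds a fresh authenticator."""
    auth = seal(session_key, {"type": "req", "client": client, "ts": now})
    return {"ticket": ticket, "auth": auth}

def service_accept(service_key, req, now):
    """Service uses only its own long-term key; no call to the KDC."""
    tkt = unseal(service_key, req["ticket"])
    session_key = bytes.fromhex(tkt["key"])
    auth = unseal(session_key, req["auth"])
    if auth["client"] != tkt["client"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("authenticator rejected")
    # Mutual authentication: return the timestamp under the session key.
    return tkt["client"], seal(session_key, {"type": "rep", "ts": auth["ts"]})

def client_verify(session_key, reply, sent_ts):
    """True only if the reply came from a holder of the session key."""
    try:
        body = unseal(session_key, reply)
    except ValueError:
        return False
    # The type check stops the client's own authenticator being reflected
    # back as a reply (real Kerberos separates these with key usage numbers).
    return body.get("type") == "rep" and body.get("ts") == sent_ts
```

A service that does not hold the long-term key cannot recover the session key from the ticket, so it cannot produce a reply that `client_verify` accepts.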

After the Client-Server Exchange

At the completion of the Client-Server Exchange, the Client is provided access to the Protected Resource.

