!!! Overview
[{$pagename}] is generated when the previous [AP_REQ] arrives, the [Kerberos Authentication Service] checks whether PrincipalClient and PrincipalService exist in the [KDC] database: if at least one of the two does not exist an error message is sent to the client, otherwise the Authentication Server processes the reply as follows:

[Kerberos Authentication Service] randomly creates a [Session Key] which will be the [secret] shared between the [client] and the [TGS]. 

[Kerberos Authentication Service] creates the [Ticket Granting Ticket] putting inside it the requesting user’s [principal], the service [principal] (it is generally [KRBTGT]/REALM@REALM, but read the note* for the previous paragraph), the [IP Address] list (these first three pieces of information are copied as they arrive by the AS_REQ packet), date and time (of the KDC) in timestamp format, lifetime (see note*) and lastly the session key. [Kerberos Authentication Service] generates and sends the reply containing: the ticket created previously, encrypted using the secret key for the service, the service principal, timestamp, lifetime and [Session Key] all [encrypted] using the [Secret-key] for the user requesting the service.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Kerberos Operation|https://zeroshell.org/kerberos/kerberos-operation/|target='_blank'] - based on information obtained 2018-05-16