!!! Overview 
[Kerberos Authentication Service] (AS Exchange) is between the [Client-Principal] and the [Kerberos] Authentication Server is initiated when a [Client-Principal] wishes to obtain [authentication] [credentials] for a given [resource] but currently holds no [credentials]. 


The [AS Exchange] is the [Kerberos] [Ticket Granting Ticket] ([TGT]) [request] and [response] sent from the [client] to the [Key Distribution Center] ([KDC]). 

If the [AS Exchange] is successful, the client is provided with a [Ticket Granting Ticket] ([TGT]). 

[{$pagename}] does __NOT__ verify that the [Client-Principal] issuing a [request] is a valid [client], [{$pagename}] sends a blind [response] a of a [TGT] that an [attacker] won't be able to process if he does not have the [Client-Principal]'s [password]. 

The [{$pagename}] is a component of a [Kerberos] system which [authenticates] [clients], and [TGT] that the [client] can send to the [TGS] to get a [Client-To-Server Ticket]. 

In its basic form, the [Client-Principal]'s [Secret-key] is used for [encryption] and [decryption]. This exchange is typically used at the initiation of a login session to obtain [credentials] for a [Ticket Granting Service] which will subsequently be used to obtain [credentials] for other [Service Providers] without requiring further use of the [Client-Principal]'s [secret-key]. 

The [{$pagename}] exchange may also used to request credentials for services that must not be mediated through the [Ticket Granting Service], but rather require knowledge of a [Client-Principal]'s [Secret-key], such as the [password] change service (the password-changing service denies requests unless the requester can demonstrate knowledge of the user's old password; requiring this knowledge prevents unauthorized password changes by someone walking up to an unattended session). 
 

!! More Information 
There might be more information for this subject on one of the following: 
[{ReferringPagesPlugin before='*' after='\n' }]