Why does Kerberos need Ticket Granting Server?

Posted by Narsil on Server Fault See other posts from Server Fault or by Narsil
Published on 2010-04-19T04:45:17Z Indexed on 2010/04/19 4:53 UTC
Read the original article Hit count: 229

It's probably something fundamental but I can't find a certain statement. Why can't KDC authenticate then provide the service ticket directly. Is it about security or performance or some other thing? Since users don't log in each time they request a service and assumably they will keep logged in for a long time, AS doesn't seem so busy. Why do they have to be seperated?

© Server Fault or respective owner

Related posts about kerberos

Related posts about Performance