Ticket Granting Server (TGS)

What Does Ticket Granting Server (TGS) Mean?

A ticket granting server (TGS) is a logical key distribution center (KDC) component that is used by the Kerberos protocol as a trusted third party. A TGS validates the use of a ticket for a specified purpose, such as network service access.

Techopedia Explains Ticket Granting Server (TGS)

Kerberos uses the following TGS subprotocols:

• A client requests Kerberos server credentials by sending a clear text ticket request for an authentication ticket or ticket granting ticket (TGT). Then, the encrypted reply is transmitted to the client with the client’s secret key. This TGT request is later used with a TGS.
• A client requests credentials from the TGS. Clients use the TGT to self-authenticate with the TGS. Then, the reply is encrypted in the session key and transmitted to the client.

Validated TGS tickets are used on different servers by respective client applications. A new service ticket is obtained by providing the TGS with the target service name, initial ticket and authenticator. The TGS compares data to build a new service ticket and generates a random session key. Finally, this data is encrypted and returned to the client as a new service authorization.