Ticket Granting Server

What Does Ticket Granting Server Mean?

A ticket granting server (TGS) is a logical key distribution center (KDC) component that is used by the Kerberos protocol as a trusted third party. A TGS validates the use of a ticket for a specified purpose, such as network service access.


Techopedia Explains Ticket Granting Server

Kerberos uses the following TGS subprotocols:

  • A client requests Kerberos server credentials by sending a clear text ticket request for an authentication ticket or ticket granting ticket (TGT). Then, the encrypted reply is transmitted to the client with the client’s secret key. This TGT request is later used with a TGS.
  • A client requests credentials from the TGS. Clients use the TGT to self-authenticate with the TGS. Then, the reply is encrypted in the session key and transmitted to the client.

Validated TGS tickets are used on different servers by respective client applications. A new service ticket is obtained by providing the TGS with the target service name, initial ticket and authenticator. The TGS compares data to build a new service ticket and generates a random session key. Finally, this data is encrypted and returned to the client as a new service authorization.


Related Terms

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.