Ticket Granting Server (TGS)

Last Updated: January 17, 2017

Definition - What does Ticket Granting Server (TGS) mean?

A ticket granting server (TGS) is a logical key distribution center (KDC) component that is used by the Kerberos protocol as a trusted third party. A TGS validates the use of a ticket for a specified purpose, such as network service access.

Free White Paper: "AI and ML in the Oil and Gas Industry". Take a look at 10 real-world use cases that demonstrate how AI and ML are already being used in the oil and gas industry, and how AI innovation can help renew the industry.

Techopedia explains Ticket Granting Server (TGS)

Kerberos uses the following TGS subprotocols:

A client requests Kerberos server credentials by sending a clear text ticket request for an authentication ticket or ticket granting ticket (TGT). Then, the encrypted reply is transmitted to the client with the client’s secret key. This TGT request is later used with a TGS.
A client requests credentials from the TGS. Clients use the TGT to self-authenticate with the TGS. Then, the reply is encrypted in the session key and transmitted to the client.

Validated TGS tickets are used on different servers by respective client applications. A new service ticket is obtained by providing the TGS with the target service name, initial ticket and authenticator. The TGS compares data to build a new service ticket and generates a random session key. Finally, this data is encrypted and returned to the client as a new service authorization.