Not to beat a dead horse, but yes. That’s actually a pretty good description of what happens.
Good luck. > On Oct 4, 2018, at 9:11 AM, Ken Hornstein <k...@cmf.nrl.navy.mil> wrote: > >> Since the service ticket contains the session key encrypted with the >> service key, and the service knows its key via the keytab file, the >> service is able to decrypt the ticket, get the session key, decrypt the >> remaining part of the authenticator, and compare the identity encrypted >> with the session key with the identity embedded in the ticket service, >> enabling it to authenticate the client. >> >> All of this without the service contacting the KDC. That is the most >> important point. >> >> Am I right ? > > Yes. > > --Ken Personal email. hbh...@oxy.edu