Thank you both for your answers, which are very helpful. Having two different people corroborate my explanation is very valuable!
--
Emmanuel Coirier

-----Original Message-----
From: Henry B (Hank) Hotz, CISSP [mailto:hbh...@oxy.edu]
Sent: Sunday, October 7, 2018 02:59
To: Ken Hornstein
Cc: Emmanuel Coirier; heimdal-discuss@h5l.org
Subject: Re: Keytab, service and contacts with the KDC/AD

Not to beat a dead horse, but yes. That’s actually a pretty good description of what happens. Good luck.

> On Oct 4, 2018, at 9:11 AM, Ken Hornstein <k...@cmf.nrl.navy.mil> wrote:
>
>> Since the service ticket contains the session key encrypted with the
>> service key, and the service knows its key via the keytab file, the
>> service is able to decrypt the ticket, get the session key, decrypt
>> the remaining part of the authenticator, and compare the identity
>> encrypted with the session key with the identity embedded in the
>> ticket service, enabling it to authenticate the client.
>>
>> All of this without the service contacting the KDC. That is the most
>> important point.
>>
>> Am I right ?
>
> Yes.
>
> --Ken

Personal email. hbh...@oxy.edu
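The verification flow confirmed in this thread, as an added sketch that is not part of the original messages and is not Heimdal code. The toy cipher stands in for a real Kerberos enctype, all function names and principals are hypothetical, and the timestamp skew check is an addition the thread does not discuss.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC; stands in for a real Kerberos enctype
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered data")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt)

def kdc_issue_ticket(service_key, client):
    # KDC: new session key, copied into a ticket sealed with the service key
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "session_key": session_key.hex()})
    return ticket, session_key

def client_build_ap_req(ticket, session_key, client, now):
    # Client: opaque ticket plus an authenticator sealed with the session key
    return {"ticket": ticket,
            "authenticator": seal(session_key, {"client": client, "ctime": now})}

def service_verify(keytab_key, ap_req, now, max_skew=300):
    # Service: everything needed comes from the keytab key and the request itself
    ticket = unseal(keytab_key, ap_req["ticket"])
    session_key = bytes.fromhex(ticket["session_key"])
    auth = unseal(session_key, ap_req["authenticator"])
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator identity does not match ticket")
    if abs(now - auth["ctime"]) > max_skew:
        raise ValueError("authenticator timestamp outside allowed skew")
    return ticket["client"]

def demo():
    service_key = os.urandom(32)  # constructed; shared by KDC database and keytab
    user = "alice@EXAMPLE.COM"    # constructed principal
    ticket, session_key = kdc_issue_ticket(service_key, user)
    ap_req = client_build_ap_req(ticket, session_key, user, now=1000)
    return service_verify(service_key, ap_req, now=1010)
```

`service_verify` takes only the keytab key and the client's request, so a service holding a stale or wrong keytab key fails at the first `unseal` rather than at any KDC lookup.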