Its a mater of "cost". Authentication of a server, service, any entity requires system resources, it is expensive in time as well as cup cycles, system memory, setup cost, etc.
a reasonable comparison is found in computational differences in sending encryption. A lot of upfront effort is invested in protecting key distribution, but once done the actual transmission of encrypted data can be accomplished at greatly reduced "cost" based on preexisting session or historical identity. Renewing TGT/TGS is much faster than the initial setup. "kisito" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hi > > In the operation of the Kerberos protocol, why Authentication Server , > when > delivering the TGT, does not directly issued the service ticket? (so I do > not see why have complicated the protocol by introducing the TGS) > -- > View this message in context: > http://www.nabble.com/Kerboros-explain-tp18787840p18787840.html > Sent from the Kerberos - General mailing list archive at Nabble.com. > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
