# Kerberos Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses UDP port 88 by default. Description The client authenticates itself to the **Authentication Server** (**AS**) which forwards the username to a key distribution center (KDC). The KDC issues a **ticket granting ticke**t (**TGT**), which is time stamped and encrypts it using the **ticket-granting service's** (**TGS**) secret key and returns the encrypted result to the user's workstation. This is done infrequently, typically at user logon; the TGT expires at some point although it may be transparently renew by the user's session manager while they are logged in. When the client needs to communicate with a service on another node (a "principal", in Kerberos parlance), the client sends the TGT to the TGS, which usually shares the same host as the KDC. The service must have already been registered with the TGS with a **Service Principal Nam**e (**SPN**). The client uses the SPN to request access to this service. After verifying that the TGT is valid and that the user is permitted to access the requested service, the TGS issues ticket and session keys to the client. The client sends the ticket to the **service server** (**SS**) along with its service request. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes-2-0/active-directory/active-directory/kerberos.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.