In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?
D. Multifactor authentication
Correct Answer: C
Section: Access Control and Identity Management
An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the
authentication process. When the client receives an authentication ticket, the client sends the ticket back to the server along with additional information verifying the client’s identity.
The server then issues a service ticket and a session key (which includes a form of password), completing the authorization process for that session.
In the Kerberos model, all tickets are time-stamped and have limited lifetimes. This minimizes the danger that hackers will be able to steal or crack the encrypted data and use it to
compromise the system. Ideally, no authentication ticket remains valid for longer than the time an expert hacker would need to crack the encryption. Authentication tickets are sessionspecific,
further improving the security of the system by ensuring that no authentication ticket remains valid after a given session is complete.
A, B: The Ticket Granting Ticket (TGT) is used for authentication and not for identification or authorization.
D: Multifactor authentication pools two or more independent credentials:
What the user knows (password)
What the user has (security token)
What the user is (biometric verification).