In Kerberos authentication, TGS (Ticket-Granting Service) tickets are temporary, encrypted credentials issued by a domain controller’s Ticket-Granting Server. They act as a “service ticket” (ST) that allows a user, who has already authenticated with a Ticket-Granting Ticket (TGT), to access specific network resources (like file servers or databases) without re-entering credentials.
Usage Examples of TGS Tickets Accessing Network Services: A user presents a TGS ticket to access a file share, printer, or web service on a network. Single Sign-On (SSO): Once a user logs in, the TGS issues tickets for various applications, enabling seamless access without prompt. Authentication to SQL Databases: Used to authenticate to backend servers. Kerberoasting Mitigation/Exploitation: In security testing, TGS tickets are used to attack service account passwords. Synonyms and Related Terms Service Ticket (ST) Kerberos Service Ticket TGS Ticket #authentication kerberos