The Kerberos protocol provides authentication to any service, such as a DB service or a web service. If an application wants to connect to a DB service (say), it provides a username/password to connect to the DB. But if Kerberos is implemented in the same application, then instead of connecting to the DB service directly, the application gets connected through Kerberos.
- First, the app connects to Kerberos's Authentication Server (AS) by sending its client ID.
- The AS verifies the application and sends a TGT token in its response.
- After getting the TGT, the app sends a request to the TGT server to connect to the DB service.
- After validating the DB service against its service list, the TGT server responds to the application with an Access token.
- The app then uses this Access token each time it needs to connect to the DB.
- This Access Token contains the encrypted info about TTL. After the time expires, Kerberos refreshes the Access Token. -- This point is not clear to me. I will describe it later.
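
The steps above, sketched as an added Python example (not code from this note or from any Kerberos implementation): the AS issues a TGT, the TGT server exchanges it for an Access token bound to one service and one expiry time, and the DB service rejects the token once the TTL has passed, so the app has to request a new one. Assumptions: the keys, the client ID `billing-app`, the function names and the TTL values are constructed for the demo, and HMAC-sealed JSON stands in for Kerberos's encrypted tickets (session keys and authenticators are left out).

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys; a real KDC derives these from principals' long-term secrets.
AS_TGS_KEY = b"demo-key-shared-by-AS-and-TGT-server"
DB_KEY = b"demo-key-shared-by-TGT-server-and-DB"
SERVICES = {"db": DB_KEY}          # the TGT server's service list
KNOWN_CLIENTS = {"billing-app"}    # clients the AS recognises (hypothetical name)

def seal(key, claims):
    """Serialize claims and append an HMAC tag (stand-in for ticket encryption)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def unseal(key, token, now):
    """Return the claims; raise ValueError on a bad tag or an elapsed TTL."""
    body, _, tag = token.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad integrity tag")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        raise ValueError("ticket expired")
    return claims

def as_issue_tgt(client_id, now, ttl=600):
    if client_id not in KNOWN_CLIENTS:
        raise ValueError("unknown client")
    return seal(AS_TGS_KEY, {"client": client_id, "exp": now + ttl})

def tgs_issue_access_token(tgt, service, now, ttl=300):
    claims = unseal(AS_TGS_KEY, tgt, now)          # TGT must be genuine and unexpired
    if service not in SERVICES:
        raise ValueError("service not in service list")
    exp = min(now + ttl, claims["exp"])            # token never outlives the TGT
    return seal(SERVICES[service], {"client": claims["client"], "svc": service, "exp": exp})

def db_accept(token, now):
    claims = unseal(DB_KEY, token, now)            # only tokens sealed for the DB verify
    if claims.get("svc") != "db":
        raise ValueError("ticket issued for another service")
    return claims["client"]

if __name__ == "__main__":
    t0 = int(time.time())
    tgt = as_issue_tgt("billing-app", t0)
    tok = tgs_issue_access_token(tgt, "db", t0)
    print(db_accept(tok, t0 + 10))                 # accepted while inside the TTL
```

The app never sends a password to the DB service in this flow; the DB only checks a token sealed with a key it shares with the TGT server.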