The Kerberos protocol lets you send private information
across an otherwise open network. Kerberos tickets are unique keys that are
assigned to users and computers when they log on to a network. A Kerberos
ticket includes all the user credentials or computer credentials in an
encrypted format. These credentials are used to identify a specific user or a
specific computer on a network for access to Kerberos services. The following
list describes the two types of Kerberos tickets:
- Ticket-granting ticket
When you log on to a server, the central Key Distribution
Center (KDC) generates a Ticket-Granting Ticket (TGT). You use the TGT as a
master ticket to access all Kerberos services on a network. - Service ticket
When you try to access a service that requires Kerberos for
authentication, the service uses the ticket that you received from the KDC to
authenticate you. After the service verifies your identity and authenticates
you, the service issues a service ticket.
To verify whether your member server computer has Kerberos
tickets, you can use the Klist.exe command-line tool or the Kerbtray.exe
command-line tool. These tools are included in Windows Server 2003 Resource Kit
Tools.
For additional information about Kerberos, visit the following
Microsoft Web site:
For additional information about how to use Netdiag.exe tool, click the
following article number to view the article in the Microsoft Knowledge Base:
321708
How to use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000