In Kerberos, the Ticket Granting Ticket (TGT) is used for the following:
An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that
is issued by a server in the Kerberos authentication model to begin the authentication process. When the client
receives an authentication ticket, the client sends the ticket back to the server along with additional information
verifying the client’s identity. The server then issues a service ticket and a session key (which includes a form of
password), completing the authorization process for that session.
In the Kerberos model, all tickets are time-stamped and have limited lifetimes. This minimizes the danger that
hackers will be able to steal or crack the encrypted data and use it to compromise the system. Ideally, no
authentication ticket remains valid for longer than the time an expert hacker would need to crack the encryption.
Authentication tickets are session-specific, further improving the security of the system by ensuring that no
authentication ticket remains valid after a given session is complete.