3.1.5 Message Processing Events and Sequencing Rules

Figure 3: Entities Involved in Service for User (S4U) Protocols

The previous figure shows the entities involved in S4U protocols and the principal communications between them. In the following discussions of processing the S4U messages, it is assumed that Service 1 has started up and has already authenticated itself to its own KDC via the standard KRB_AS_REQ and KRB_AS_REP message exchange (b) (also known as an Authentication Service (AS) exchange). In addition, the user has contacted the service and authenticated through some mechanism (a) other than using the KDC. Service 1 authenticates to Service 2 via the application protocol using the standard KRB_AP_REQ and KRB_AP_REP message exchange (c) (also known as an Authentication Protocol (AP) exchange).