- KDC Long Term Secret Key (KDC LT Key) - The KDC key is based on the KRBTGT service account. It is used to encrypt the TGT and sign the PAC.
- Client Long Term Secret Key (Client LT Key) - The client key is based on the computer or service account. It is used to check the encrypted timestamp and encrypt the session key.
- Service Long Term Secret Key (Service LT Key) - The service key is based on the service account. It is used to encrypt the service portion of the service ticket and sign the PAC.
- TGS Session Key - Issued by the KDC (AS) when a TGT is issued. The user will provide the session key to the KDC (TGS) along with the TGT when requesting a service ticket.
- Service Session Key - Issued by the KDC when a ST is issued. All of client and service’s communication will be encrypted with the session key after mutual authentication is completed.