Howdy, Once a session key is established between client and the server, will that key be used for any secure data transfer or for Just Authentication/Authorization alone? An example is:- Client wants to print a document. Printer is the service/server. I am skipping AS protocol for simplication. 1) A session key has been established after TGS(Ticket Granting Ticket Service) has issues a ticket. 2) Client Sent its cerdentials encrypted with its session key. 3) server verifies Clients crentials using its long term password/key and retrieves the session key. Now what will be further use of this session key? In my example, If I am sending a document for printing, will I be using my session key to send the data to be printed? At this juncture can server and Client negotiate TLS and use TLS to do data transfer instead of Session Key? Can a combination of both approaches be used? Are there documents explaining this scenario? How do typical applications behave? Or is it application/service dependent? Thanks. --Payyala
