0

I know that AS (Authentication Server) is a TTP (Trusted Third Party) because it generates keys for two entities (for the client and the TGS).

But what about the TGS (Ticket Granting Server)? It also generates keys for two entities (for the client and the server). So is the TGS also a TTP?

1 Answer

2

The entire Key Distribution Center (KDC) – which consists of both the AS and the TGS – is a trusted third party. If it's compromised, then it can issue arbitrary tickets for any Service Server.

Within the KDC, the AS is responsible for issuing Ticket-Granting-Tickets. Those are then sent to the TGS in exchange for the actual tickets. The tickets are sufficient for the client to authenticate towards a Service Server.

At least in some implementations like Heimdal, the KDC is a single process, so it makes no sense to treat the AS and the TGS as separate parties.
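The two exchanges described in the answer above, as an added toy model (not part of the original answer and not code from Heimdal or any other Kerberos implementation). It shows the AS and TGS roles following the same pattern against one shared key database. Assumptions: the principal names, the `seal`/`unseal` toy cipher standing in for a real Kerberos encryption type, and the omission of authenticators, timestamps and lifetimes.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    # Toy authenticated encryption (SHAKE keystream + HMAC), standing in for a real enctype.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed with this key")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

class KDC:
    """AS and TGS roles reading one principal database (all names are constructed)."""
    def __init__(self, principals):
        self.db = {p: os.urandom(32) for p in principals}  # long-term keys

    def as_exchange(self, client):
        # AS role: new session key for client <-> TGS, wrapped once for each party.
        sk = os.urandom(32)
        tgt = seal(self.db["krbtgt"], {"client": client, "key": sk.hex()})
        return tgt, seal(self.db[client], {"key": sk.hex()})

    def tgs_exchange(self, tgt, service):
        # TGS role: new session key for client <-> service, same pattern as the AS.
        # Simplification: no authenticator, timestamps or lifetimes are checked.
        t = unseal(self.db["krbtgt"], tgt)
        sk = os.urandom(32)
        ticket = seal(self.db[service], {"client": t["client"], "key": sk.hex()})
        return ticket, seal(bytes.fromhex(t["key"]), {"key": sk.hex()})

def service_accept(service_key, ticket):
    # Service Server: its only evidence of identity is that the ticket opens with its key.
    return unseal(service_key, ticket)

def run_exchange():
    kdc = KDC(["krbtgt", "alice", "HTTP/web"])
    tgt, as_part = kdc.as_exchange("alice")
    # The client opens its part of the AS reply with its own long-term key.
    tgs_key = bytes.fromhex(unseal(kdc.db["alice"], as_part)["key"])
    ticket, tgs_part = kdc.tgs_exchange(tgt, "HTTP/web")
    client_view = unseal(tgs_key, tgs_part)["key"]
    service_view = service_accept(kdc.db["HTTP/web"], ticket)
    return client_view, service_view, tgt, kdc

if __name__ == "__main__":
    client_view, service_view, _, _ = run_exchange()
    print(service_view["client"], client_view == service_view["key"])
```

Both roles read long-term keys from the same `db`, and the service never contacts the KDC: it accepts whatever client name sits inside a ticket that opens with its key, which is why the KDC as a whole has to be trusted.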
