#Kerberos Version 4 operations could be summarised as the following equations:
$$ \begin{align} C \rightarrow AS:& ID_C || ID_{tgs} || TS_1\\ AS \rightarrow C:& E_{K_C}[K_{c,tgs} || ID_{tgs} || TS_2 || \text{Lifetime}_2 || \text{Ticket}_{tgs} ]\\ C \rightarrow TGS:& ID_V || \text{Ticket}_{tgs} || \text{Authenticator}_C\\ TGS \rightarrow C:& E_{K_C, tgs} [K{c,v} || ID_V || TS_4 || \text{Ticket}_V]\\ C \rightarrow V:& \text{Ticket}_V || \text{Authenticator}_{C'}\\ V \rightarrow C:& E_{K_{C,V}} [TS_5 + 1] \end{align} $$
Where:
- \(C\) is the client
- \(AS\) is the Authentication Server
- \(ID\) for \(C\) is the identity of the client, otherwise it is a request from the client to access a server
- \(tgs\) or \(TGS\) stands for Ticket Granting Server
- \(TS\) is the timestamp when the client has initiated the request
- \(E\) is the encryption algorithm using the \(K\) key
- \(\text{Lifetime}\) is the lifetime of the issued ticket
- \(\text{Ticket}_{tgs}\) is a ticket granted to client to access TGS, which is defined as \(E_{K_{tgs}} [K_{c,tgs} || ID_C || AD_C || ID_{tgs} || TS_2 || \text{Lifetime}_2]\)
- \(AD\) contains the device the client used initially produced the request.
- \(V\) is the server intended to be used by the client
- \(\text{Authenticator}_C\) is defined as \(E_{K_{c,tgs}} [ID_C || AD_C || TS_3]\), which is generated by client to validate the \(\text{Ticket}_{tgs}\)
- \(\text{Ticket}_V\) is a ticket granted to client to access the server, which is defined as \(E_{K_V} [K_{C,V} || ID_C || AD_C || ID_V || TS_4 || \text{Lifetime}_4]\)
- \(\text{Authenticator}_{C'}\) is defined as \(E_{K_{c,v}} [ID_C || AD_C || TS_5]\), which is generated by client to validate the $\text{Ticket_{V}$
However, Version 4 is not without flaws. There is a double encryption on the tickets provided to the client (\(\text{Ticket}_{tgs}\) and \(\text{Ticket}_{V}\)). The encryption scheme used by V4 is not secure at all (PCBC, which is a non-standard Data Encryption Standard (DES)#). It is vulnerable to an attack which involves the interchange of the ciphertext blocks. (Version 5 prevents it by providing Cipher Block Chaining (CBC)# mode for encryption). In addition, the same ticket could be used by the client to access a server which is at risk of potential Replay Attack using an old session key. (V5 allows the use of a subsession key, which will be invalid after one connection)