The lynchpin to this approach is that both user and service implicitly trust the Kerberos authentication server (AS);