STkt的加密部分包含客户端的名称、身份验证服务生成的一个可供客户端和服务器使用的会话密钥，以及STkt的有效期。

The encrypted portion of the STkt contains the name of the client, a session key generated by authentication service that client and server can use, and a lifetime of STkt.

youdao

身份验证服务的总体目标是，与客户端希望向其进行身份验证的服务器安全地交换客户端身份和会话密钥。

The whole purpose of the authentication service is to securely exchange the client identity and session key to the server to which the client wants to authenticate.

youdao

服务器不需要将保密密钥发送回客户端，因为客户端已经拥有了这个保密密钥。

There's no need for the server to send the secret key back to the client, because the client already has it available.

youdao