Windows clients and NT domain membership.

Matt Seitz seitz at
Wed Nov 5 19:04:19 GMT 2003

Christopher R. Hertel wrote:
> I've read a few things which state that NT Domains pass "tokens" that 
> allow the client to authenticate with servers without having to re-submit 
> credentials (even cached credentials).  That model applies to Kerberos 
> authentication, certainly, but I don't have any evidence that anything 
> like that is outside of Kerberos.

That is my understanding, too.  Perhaps the token idea came out of a 
misunderstanding about how the NETLOGON method allows a member server to 
authenticate a user, as opposed to the Pass-Through method that requires the 
member server to forward the authentication request to a domain controller.

More information about the samba-technical mailing list