Windows clients and NT domain membership.
seitz at metadata-systems.com
Wed Nov 5 19:04:19 GMT 2003
Christopher R. Hertel wrote:
> I've read a few things which state that NT Domains pass "tokens" that
> allow the client to authenticate with servers without having to re-submit
> credentials (even cached credentials). That model applies to Kerberos
> authentication, certainly, but I don't have any evidence that anything
> like that is outside of Kerberos.
That is my understanding, too. Perhaps the token idea came out of a
misunderstanding about how the NETLOGON method allows a member server to
authenticate a user, as opposed to the Pass-Through method that requires the
member server to forward the authentication request to a domain controller.
More information about the samba-technical