Windows clients and NT domain membership.
Christopher R. Hertel
crh at ubiqx.mn.org
Wed Nov 5 19:45:45 GMT 2003
On Wed, Nov 05, 2003 at 11:04:19AM -0800, Matt Seitz wrote:
> Christopher R. Hertel wrote:
> >I've read a few things which state that NT Domains pass "tokens" that
> >allow the client to authenticate with servers without having to re-submit
> >credentials (even cached credentials). That model applies to Kerberos
> >authentication, certainly, but I don't have any evidence that anything
> >like that is outside of Kerberos.
> That is my understanding, too. Perhaps the token idea came out of a
> misunderstanding about how the NETLOGON method allows a member server to
> authenticate a user, as opposed to the Pass-Through method that requires
> the member server to forward the authentication request to a domain
A good guess. I re-read the Philip C. Cox/Paul B. Hill paper covering
NETLOGON just to be sure I had my head on straight.
I am still curious about the differences between W9x/Me/XP-Home vs.
NT/2kx/XP-Pro. I need to set up a domain some time so I can see how a
W9x-type system does authentication when it's a "member" of the domain.
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical