NT Domain authentication.

Christopher R. Hertel crh at ubiqx.mn.org
Sat Oct 25 19:08:51 GMT 2003


I am aware of two methods of NT Domain authentication.

The first is pass-through (security=server) mode, in which the client thinks
it is logging into a server, but the server is passing the
challenge/response through to a DC.

The second is a NetLogon (security=domain).

Some clients (e.g., a W2K) will perform a "domain logon", which uses the NT
Domain account as the authentication source for allowing a user to log on to
the client box.  That is, getting to the desktop requires authentication
against the DC.  No biggie.

Question is:  Once the user has authenticated against the DC, does the
              client OS keep track of some token or other in order to
              simplify logons to domain member servers?

I imagine that the client might cache the user's credentials
(username/password or username/hash) but, as I understand it, there is no
token or ticket-based mechanism (à la Kerberos) employed in the NT Domain
system.

Curious...

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org


