Windows Server 2003 Security Infrastructures

This chapter focuses on the most fundamental security service of any operating system: authentication. Before an entity is given access to a resource on a Windows system, the operating system must validate the entity's identity and check whether it can access that particular resource. The latter process is known as authorization, and it is discussed in greater detail later in this book. The first process is known as authentication and is the topic of discussion in this and the following chapters. The primary purpose of authentication is to prove and validate an entity's identity; it answers the question: to whom or what is the system talking?
The chapter starts off with a general explanation of authentication infrastructure terminology. Then it looks at the Windows authentication architecture and more detailed Windows authentication topics such as the NTLM authentication protocol, the secondary logon feature, credential caching, and strong authentication options for Windows.
In an authentication infrastructure, users trust a set of authentication authorities to provide trustworthy authentication services. Authentication authorities are represented by one or more authentication servers. Authentication authorities are also referred to as authentication trusted third parties (TTPs). Every authentication authority reigns over a set of resources located on machines that are part of the authentication authority's kingdom. From now on I will call this kingdom a domain (in NT terminology), but you may as well call it a realm (in Kerberos terminology) or a cell (in DCE terminology); it does not really matter. Anyhow, when a user...
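To make the two separate decisions concrete (who is talking, and then what that identity may touch) and the trusted-third-party model of a domain, here is an added example that is not from the book: a toy authentication authority for one domain validates a user's credentials and issues a signed identity assertion, and a resource server in the same domain first verifies that assertion (authentication) and only then consults its own ACL (authorization). The class names, the shared HMAC key, the account "alice", the password and the share paths are all constructed for the example; real Windows domains use Kerberos or NTLM rather than this HMAC scheme.

```python
"""Added example (not from the book): a minimal trusted-third-party authentication
model. An authentication authority for one domain validates a user's credentials
and issues a signed identity assertion; a resource server in that domain verifies
the assertion (authentication) and only then consults an ACL (authorization).
All names, keys and credentials below are constructed for the example."""
import hashlib
import hmac
import json
import os
import time


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Slow, salted password hash so stolen account records are not trivially cracked.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthenticationAuthority:
    """Stand-in for a domain's authentication server (the TTP)."""

    def __init__(self, domain: str):
        self.domain = domain
        self._signing_key = os.urandom(32)  # shared with member servers in this domain
        self._accounts = {}                 # username -> (salt, pbkdf2 hash)

    def add_account(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[username] = (salt, _pbkdf2(password, salt))

    def signing_key(self) -> bytes:
        return self._signing_key

    def authenticate(self, username: str, password: str, ttl: int = 300):
        """Return a signed (body, tag) assertion on success, None on failure."""
        rec = self._accounts.get(username)
        if rec is None:
            # Do equivalent work so a missing account is not revealed by timing.
            _pbkdf2(password, b"\x00" * 16)
            return None
        salt, stored = rec
        if not hmac.compare_digest(_pbkdf2(password, salt), stored):
            return None
        claims = {"sub": username, "domain": self.domain, "exp": int(time.time()) + ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self._signing_key, body, "sha256").hexdigest()
        return body, tag


class ResourceServer:
    """Machine in the authority's domain that holds resources."""

    def __init__(self, domain: str, signing_key: bytes):
        self.domain = domain
        self._signing_key = signing_key
        self._acl = {}  # resource -> set of usernames allowed to access it

    def grant(self, resource: str, username: str) -> None:
        self._acl.setdefault(resource, set()).add(username)

    def authenticate(self, assertion, now=None):
        """Step 1: who is talking? Verify the authority's signature and freshness."""
        body, tag = assertion
        expected = hmac.new(self._signing_key, body, "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        claims = json.loads(body)
        if claims["domain"] != self.domain or claims["exp"] < (now or time.time()):
            return None
        return claims["sub"]

    def access(self, assertion, resource: str) -> str:
        """Step 2: authorization, performed only after authentication succeeded."""
        user = self.authenticate(assertion)
        if user is None:
            return "denied: not authenticated"
        if user not in self._acl.get(resource, set()):
            return f"denied: {user} not authorized for {resource}"
        return f"granted: {user} -> {resource}"


def demo() -> dict:
    dc = AuthenticationAuthority("CORP")
    dc.add_account("alice", "correct horse battery staple")
    fs = ResourceServer("CORP", dc.signing_key())
    fs.grant(r"\\fs\share\payroll", "alice")
    good = dc.authenticate("alice", "correct horse battery staple")
    results = {
        "good": fs.access(good, r"\\fs\share\payroll"),
        "wrong_password": dc.authenticate("alice", "wrong") is None,
        "unknown_user": dc.authenticate("mallory", "anything") is None,
        "no_acl": fs.access(good, r"\\fs\share\hr"),
    }
    # A tampered assertion (identity edited, tag unchanged) must fail step 1.
    body, tag = good
    forged = (body.replace(b'"alice"', b'"admin"'), tag)
    results["forged"] = fs.access(forged, r"\\fs\share\payroll")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point to take from the two `denied` branches is that they are different failures: a tampered or expired assertion never reaches the ACL at all, while a genuine identity with no ACL entry is rejected by authorization, which is the distinction the chapter draws between the two processes.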