TABLE OF CONTENTS Understanding Windows Authentication
Understanding Linux Authentication
Designing Linux-Based Authentication Services
Migrating from NT / Exchange or Active Directory
Summary
Solutions Fast Track
Frequently Asked Questions
Authentication is one of the most important and widely used network services. The ability to control access to network resources is primarily dependent on being able to reliably determine WHO you are. In most cases, authentication of users consists of validating credentials consisting of one or more factors: something you know (username, password), something you have (token), or something you are (biometric).
Authentication can be as simple as matching as typed password to a clear-text password stored in a local file. However, the security, scalability, reliability, and feature set requirements of all but the smallest companies mean utilizing an authentication scheme featuring an authentication service that interacts with a directory service (which may or may not be running on the same machine). Authentication credentials (such as usernames and password hashes) are stored in the directory, not within the authentication service. With the directory acting as a centralized repository of this information, you can build flexible authentication methodologies that allow for centralized control of distributed heterogeneous authentication services.
To an end user at a Windows workstation, one of the most visible examples of authentication occurs when the user types a username and password and logs in to the workstation. Understanding Windows Authentication examines authentication, logon script, drive mapping, and other processes that take place during login to a Windows workstation.
