TABLE OF CONTENTS Authentication is the process of verifying an identity (ensuring a user really is who he purports to be) for the purpose of authorizing or granting certain permissions to that identity. Through the years, Microsoft has used various mechanisms for user authentication. In this section, we will analyze the mechanisms Microsoft has used to authenticate security principals (user and machine accounts) and for relaying authentication between servers. We also discuss the mechanisms supported by Microsoft client operating systems. Next, we analyze the authentication mechanisms supported by various Microsoft clients, seeing how they will determine the authentication mechanism used for our design. Finally, we explore trusts and the authentication mechanisms used both inside and between forests in a design.
Different operating systems and service pack levels provide different authentication mechanisms for Microsoft clients. Windows Server 2003 provides full backward compatibility for previous Microsoft operating systems, but it is preferred to limit the use of or, whenever possible, to disable older authentication mechanisms. In the following sections, we analyze the effects of client operating systems and applications used within the enterprise on the Active Directory design. Next, we compare the LAN Manager authentication protocols to Microsoft's implementation of the Kerberos authentication system. Finally, we see how Microsoft's implementation of Kerberos may be used with other Kerberos-enabled operating systems for trusted authentication.
Let's start with an analysis of the clients that exist on today's networks and how Microsoft Windows Server 2003 provides an authentication mechanism for each.
