• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 4.1. Overview of Managing the Directory > Logging On and Authentication

Logging On and Authentication

Almost everything is different in Windows 2000, and the logon and authentication process is no exception. The Windows 2000 default authentication package is Kerberos, although Windows 2000 Domain Controllers also implement NT 4.0-style authentication for support of down-level clients. Kerberos is an industry standard that was developed at Massachusetts Institute of Technology (MIT).

Under Kerberos, when a user is authenticated, they are given a Ticket Granting Ticket (TGT). The TGT allows the user to get another type of ticket that is required to connect to a resource. These other tickets are called Session Tickets. When a user that has been granted a TGT needs to connect to a resource, that user contacts the Key Distribution Center (KDC) in order to get a Session Ticket for that resource. The user then presents that Session Ticket to the resource. The resource mutually authenticates the Session Ticket and allows the user access. By default, tickets in Windows 2000 are good for 10 hours. After that, they are invalid and need to be reissued. Windows 2000 handles this transparently for the user.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint