Just as a quick review of Chapter 11, “Understanding Network Access Security and Kerberos,” let's go over the key elements of authentication and authorization in Window Server 2003:
A security principal is a user, computer, or group that needs to access a resource either on a local computer or on a server.
The primary means of authenticating a security principal is Kerberos. Legacy NTLMv2 (NT LanMan version 2) and LM (LanMan) authentication is available for supporting downlevel clients.
Authenticated security principals receive a Privilege Access Certificate (PAC) that contains their security information. The PAC includes the principal's Security ID (SID) along with the SIDs for any groups that have the security ...