O'Reilly logo

Special Edition Using Microsoft Active Directory by James Hudson, Sean Fullerton

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authenticating to the Domain

Getting a Kerberos TGT is the first step in authenticating to the domain and using services on the network. The Kerberos KDC on the domain controller and the Kerberos security support provider (SSP) on the client collaborate to authenticate and authorize the user so he can then take advantage of services throughout the network.

Note

The process of obtaining a TGT and a session key to the computer to which you are logging on completes successfully before you ever see the desktop.

Finding the KDC

Before you can trade credentials with the KDC, you must find one on the network. The client uses the local DNS resolver to query the configured DNS server for the SRV record for a DNS server in its site. This ensures that ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required