Explain the authentication and authorization process for a user logging on to a Windows server environment (Active Directory with Kerberos).
What will be an ideal response?
A client logging on to a Windows domain sends a hash of the user name and password to the Authentication Server (AS). The AS compares the results of the hash to a hash it did on the user name in password in its database. If they match, the AS sends a Ticket-Granting Ticket (TGT) and a timestamp back. This is the authentication portion. For authorization, the client sends the TGT to the Ticket-Granting Service (TGS) for authorization. The TGS sends back a timestamped service ticket, which is often called a token. The client can now use this token as a key to access resources on the entire domain, for as long as the user is authorized, without having to be reauthenticated for every different resource. The token has an expiration time—usually 8 hours—and will have to reauthenticate to receive a new token at that point.
You might also like to view...
____________________ are helpful to use when you are unsuccessful at creating a color you need with CMYK.
Fill in the blank(s) with the appropriate word(s).
VLAN support and Power over Ethernet (PoE) are two important considerations when selecting a network __________.
Fill in the blank(s) with the appropriate word(s).
The ____ value replaces the entire browser window with the linked file, removing all current frames.
a. _blank b. _top c. _self d. _parent
A(n) _________________________ conveys a visual representation of data.
Fill in the blank(s) with the appropriate word(s).