Authenticating to the Domain

Getting a Kerberos ticket-granting ticket (TGT) is the first step in authenticating to the domain and using services on the network. The Kerberos KDC on the domain controller and the Kerberos security support provider (SSP) on the client collaborate to authenticate and authorize the user, who can then use services throughout the network.

Note

The process of obtaining a TGT and a session key to the computer to which you are logging on completes successfully before you ever see the desktop.

Finding the KDC

Before you can trade credentials with the KDC, you must find one on the network. The client uses the local DNS resolver to query the configured DNS server for the SRV record for a DNS server in its site. This ensures that ...
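The site-scoped SRV lookup described above, sketched as an added example (not code from the book): it builds the query names a client would try, orders the answers, and flags records a defender should review. The owner-name layout follows the Active Directory DC locator convention; the domain `corp.example`, the site `HQ`, and all sample records are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str

def kdc_query_names(domain, site=None):
    """SRV owner names to try: the site-specific name first, then domain-wide."""
    names = []
    if site:
        names.append(f"_kerberos._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_kerberos._tcp.dc._msdcs.{domain}")
    return names

def order_kdcs(records):
    """Lowest priority value first (RFC 2782). Within one priority the RFC
    selects randomly in proportion to weight; sorting by descending weight
    here is a deterministic simplification for the example."""
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))

def audit(records, domain, expected_port=88):
    """Findings for SRV answers that point outside the domain or off port 88."""
    findings = []
    suffix = "." + domain.lower()
    for r in records:
        host = r.target.rstrip(".").lower()
        if not host.endswith(suffix):
            findings.append(f"{host}: target outside {domain}")
        if r.port != expected_port:
            findings.append(f"{host}: port {r.port}, expected {expected_port}")
    return findings

# Constructed sample answers for the HQ site of corp.example.
SAMPLE = [
    Srv(0, 100, 88, "dc1.corp.example."),
    Srv(0, 50, 88, "dc2.corp.example."),
    Srv(10, 100, 88, "dc3.corp.example."),
    Srv(0, 100, 8088, "kdc.other.test."),  # constructed anomaly
]

if __name__ == "__main__":
    print(kdc_query_names("corp.example", "HQ"))
    print([r.target for r in order_kdcs(SAMPLE)])
    print(audit(SAMPLE, "corp.example"))
```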
