Kerberos authentication on client boot
Hi,

I'm reading many docs about Kerberos authentication. I still do not know what exactly happens just after the client enters his username and password (to open a session, at the beginning). Can anyone confirm these three points?

1- kinit is called immediately when the session starts.
2- kinit can read the username of the user in c:\windows\system32\configure\sam (if no, where?).
3- kinit sends KRB_AS_REQ (containing that username) to the Kerberos server (the KDC).

Thanks a lot!
Hamza.
Hello,

Do you use a UNIX computer to log onto a Windows domain, as I saw the "kinit"? Sorry for not being familiar with UNIX, but I will list some brief Windows logon processes just for your reference. I hope this could help you to get a general idea of the logon process.

1. After you press CTRL+ALT+DEL, Winlogon will dispatch a DLL called Graphical Identification and Authentication (GINA). GINA generates the logon dialog box that asks you to enter your user name and password.

2. Then the Local Security Authority (LSA) is called and given the user's name and password. If this account should be authenticated locally, then the LSA checks the account information stored locally in the Security Accounts Manager (SAM) database. If this account should be authenticated to the domain, the user's information will be verified by the LSA on the Domain Controller instead of the local LSA. The local LSA sends a KRB_AS_REQ message to the KDC's authentication service in the domain. This KRB_AS_REQ message usually includes the user's principal name and the name of the account domain so that the KDC can verify this account.

For more information, I would like to suggest that you read the following article in detail, How Interactive Logon Works:

Hope this helps.

Best regards,
Chang Yin
Microsoft Online Community Support
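The KRB_AS_REQ mentioned in the reply above, as an added example that is not part of the original thread or Microsoft's code: a small Python DER encoder and parser following the RFC 4120 message layout, showing where the principal name and realm sit in the request body. The user alice, the realm EXAMPLE.COM, the nonce, expiry time and encryption types are constructed sample values, and all function names are hypothetical.

```python
def tlv(tag, body):  # one DER element, definite length (short or long form)
    n = len(body)
    k = (n.bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def ctx(i, body): return tlv(0xA0 | i, body)              # [i] EXPLICIT tag
def integer(v): return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
def gstr(s): return tlv(0x1B, s.encode("ascii"))          # KerberosString
def seq(*items): return tlv(0x30, b"".join(items))
def principal(name_type, *parts):
    return seq(ctx(0, integer(name_type)), ctx(1, seq(*map(gstr, parts))))

def build_as_req(user, realm):
    """AS-REQ without padata; nonce, till and etype values are constructed."""
    body = seq(
        ctx(0, tlv(0x03, bytes(5))),                      # kdc-options: no flags set
        ctx(1, principal(1, user)),                       # cname (NT-PRINCIPAL)
        ctx(2, gstr(realm)),                              # realm
        ctx(3, principal(2, "krbtgt", realm)),            # sname (NT-SRV-INST)
        ctx(5, tlv(0x18, b"20370913024805Z")),            # till
        ctx(7, integer(12345678)),                        # nonce
        ctx(8, seq(integer(18), integer(17))))            # etype: AES256, AES128
    return tlv(0x6A, seq(ctx(1, integer(5)), ctx(2, integer(10)), ctx(4, body)))

def children(buf):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos + 2 <= len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:                                      # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def parse_as_req(req):
    """Return the message type, client name and realm carried in an AS-REQ."""
    (tag, kdc_req), = children(req)
    if tag != 0x6A:
        raise ValueError("not an AS-REQ ([APPLICATION 10] expected)")
    top = dict(children(children(kdc_req)[0][1]))         # pvno, msg-type, req-body
    body = dict(children(children(top[0xA4])[0][1]))
    name = dict(children(children(body[0xA1])[0][1]))     # PrincipalName fields
    parts = [v.decode() for _, v in children(children(name[0xA1])[0][1])]
    return {"msg_type": int.from_bytes(children(top[0xA2])[0][1], "big"),
            "cname": "/".join(parts), "realm": children(body[0xA2])[0][1].decode()}
```

The message built here has no field that holds the password; the request body carries the client name and realm as plain strings.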
I'm using a Windows machine client (trying to connect to a Windows KDC server). You gave the answer to my question, thank you very much!

Hamza
