Pass-Through Authentication by liamei12345


Pass-Through Authentication

Can happen:

- At initial logon, when a user is logging on to a trusted domain by using the
  drop-down list of domains in the logon dialog.
- When connecting to a resource in a trusting domain.

1. NT machine starts and its NetLogon service starts.
2. Machine contacts PDC in the machine's own domain. Machine account is
3. User attempts to log on at the machine and selects another domain from the
   drop-down list. The user must select the correct domain (the one that has his
   account) from the drop-down list in the Begin Logon dialog box.
4. The user's account cannot be authenticated in the machine's domain because
   the user selected another domain.
5. Request for authentication is passed from the domain controller through the
   trust to the domain that the user selected.
6. Domain controller in the domain selected by the user looks for an account and
   checks the password. If found, the domain controller authenticates the user's
   account and passes the SID back to the domain controller in the domain that
   the user is logging on from.
7. Domain controller in the domain that the user is logging on from passes the
   SID to the local NT machine and the authentication is complete.
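
The steps above can be traced with a small model. This is an added example, not part of the original slides and not Windows NT code: the class and function names, the domain names, the account and the SID are all constructed, and a SHA-256 digest stands in for the real credential check.

```python
import hashlib
import hmac

def _digest(password):
    # Assumption: stand-in for the stored credential, not NT's actual scheme.
    return hashlib.sha256(password.encode()).digest()

class DomainController:
    def __init__(self, domain):
        self.domain = domain
        self.accounts = {}   # account name -> (credential digest, SID)
        self.trusts = {}     # trusted domain name -> its DomainController

    def add_account(self, name, password, sid):
        self.accounts[name.lower()] = (_digest(password), sid)

    def trust(self, other):
        # One-way trust: this (trusting) domain accepts accounts from `other`.
        self.trusts[other.domain] = other

    def authenticate(self, domain, name, password, path):
        path.append(self.domain)                 # record which DCs were involved
        if domain == self.domain:                # step 6: account lives here
            entry = self.accounts.get(name.lower())
            if entry and hmac.compare_digest(entry[0], _digest(password)):
                return entry[1]                  # SID goes back down the chain
            return None
        trusted = self.trusts.get(domain)        # steps 4-5: pass through the trust
        if trusted is None:
            return None                          # no trust, so nothing is forwarded
        return trusted.authenticate(domain, name, password, path)

def workstation_logon(machine_dc, selected_domain, name, password):
    """Steps 3-7: the workstation only talks to a DC in its own domain."""
    path = []
    sid = machine_dc.authenticate(selected_domain, name, password, path)
    return sid, path

def build_demo():
    # Constructed sample data: RESOURCES trusts ACCOUNTS, not the reverse.
    accounts, resources = DomainController("ACCOUNTS"), DomainController("RESOURCES")
    accounts.add_account("jsmith", "Winter98!", "S-1-5-21-1111-2222-3333-1001")
    resources.trust(accounts)
    return accounts, resources

if __name__ == "__main__":
    accounts, resources = build_demo()
    print(workstation_logon(resources, "ACCOUNTS", "jsmith", "Winter98!"))
    print(workstation_logon(resources, "ACCOUNTS", "jsmith", "wrong"))
    print(workstation_logon(accounts, "RESOURCES", "jsmith", "Winter98!"))
```

The third call fails without contacting the other domain at all, because the trust runs in one direction only.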

                   A user is an RLP (real live person).
                       RLPs are never authenticated.
                  Only accounts can be authenticated.
               Windows NT does not care about RLPs.
               Windows NT only cares about accounts.

     Content created and copyright  1998-1999, by David L. Woodall, all Rights Reserved
