How does domain authentication work
Secure Global Desktop 4. Windows domain authentication allows users to log in to SGD if they belong to a specified Windows or Windows Server domain.
At the SGD login screen, the user types either a common name (for example, Indigo Jones), a user name (for example, indigo), or an email address (for example, indigo indigo-insurance). SGD searches the local repository for a user profile with a Name attribute that matches the user name typed by the user.
If there is no match, the search is repeated on the Login Name attribute, and finally on the Email Address attribute. If a user profile is found, the Login Name attribute of the user profile is treated as the Windows domain user name.
How does Microsoft Active Directory handle user authentication? Asked 9 years, 7 months ago. Master of Celebration.

Not really; in case all goes to hell in your domain, it's the machine with the PDC role that acts as tie-breaker for any and all conflicts. What you say is correct, but it's still not a PDC.
Because if so that's really specific and should be spelled out here

MDMarra yeah

In the above example, Dave and Server A communicate regularly and often exchange confidential data. To protect this communication, they agreed on a common secret to use to verify their identities before exchanging data. If it is correct, the server identifies him as Dave and allows further communication.
Communication between Dave and Server A happens on an open network, which means there are other connected systems. Sam is a user connected to the same network as Dave. He is aware of the communication between Dave and Server A, is interested in the data exchanged between them, and would like to get his hands on it. He starts to listen to the traffic between these two hosts to find out the secret they use. Once he finds it, he starts to communicate with Server A, says he is Dave, and also provides the secret.

Kerberos solved this challenge by using a shared symmetric cryptographic key instead of the secret.
It uses the same key for encryption and decryption. The name Kerberos comes from the strong three-headed dog in Greek mythology. Like the three-headed dog, the Kerberos protocol has three main components. Before we look into Kerberos in detail, it is better to understand how a typical key exchange works. Now it needs a symmetric key to start communication with Server A. This key should be used only by Dave and Server A. By the looks of it, this seems quite straightforward, but from the server's point of view there are a few challenges.
But if there are a hundred connections, it needs to store all the keys involved. This will cost Server A resources. However, actual Kerberos protocol operation is more efficient than this. The KDC is responsible for two main functions.
For example, when Dave logs in to the system, he needs to prove to the KDC that he is exactly the person he claims to be. The KDC also maintains a copy of this key in its database.