Re: Domain authentication

From: "Herb Martin" <news@xxxxxxxxxxxxxx>
Date: Wed, 28 Feb 2007 06:36:53 -0600

"Dharan Prakash" <DharanPrakash@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4496704B-73F3-4595-857F-D8C73FFE9A4A@xxxxxxxxxxxxxxxx

In a typical Active directory - Domain environment, the clients
authenticate
users and this authentication happens in the domain controller.

Technically the "client computers" pass the authentication credentials to
the DC which authenticates the user.

But if the
domain controller is not available or cannot be contacted, authentication
happens at the client itself using cached credentials. I have two queries.
1. Can we configure the client so that the domain authentication happens
using cached credentials most of the time or less frequently contact the
domain controller?

No. The rule is that if a DC is available then it must be used.

Whyever would you wish to avoid such authentication?

2. From the security perspective what are caveats of this approach?

New or changed security settings, or account lockouts and privilege
changes are not seen until a DC is again contacted.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

.

Prev by Date: Re: Users having to much rights !
Next by Date: Re: Domain authentication
Previous by thread: Re: Users having to much rights !
Next by thread: Re: Domain authentication
Index(es):
- Date
- Thread

Relevant Pages

Re: BASIC authentication Issues with IE - Part II - Solved but WHY?
... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ...
(microsoft.public.inetserver.iis.security)
Re: ISAPI Authentication
... The job of your authentication filter is to accept ... non-Windows credentials from the client and then map them to a Windows ...
(microsoft.public.inetserver.iis.security)
RE: Domain Controller Best Practice - Thanks!
... You may not be sharing your SAM file, but then again you probably don't ... And isn't it just handy that this same system is the Domain Controller. ... Generally speaking and in your defense, you can come up with security ... All user authentication is occurring on this system. ...
(Focus-Microsoft)
Re: Windows Integrated Auth/Basic Auth
... Both Basic and Windows Integrated authentication save their credentials on ... you need to convince the client browser to ... >> Windows Authentication on my web app to give an access ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Anonymous and integrated authentication for Web service
... I tried changing values in the UseDefaultCredentials and Credentials ... You need to write the client appropriately. ... Given this are you saying they both can call the same web service? ... Integrated Windows authentication ...
(microsoft.public.inetserver.iis.security)