Authentication in an AD environment
Let's go ahead and revisit our previous example, to see how the authentication process works in an AD environment:
Figure 16.4: Authentication process in AD
The following list summarizes the steps involved in the authentication process:
- Dave sends the username and his long-term key to the KDC (domain controller).
- The KDC checks the username and long-term key with its database and verifies the identity. Then, it generates a TGT. It includes a copy of a session key, which the KDC uses to communicate with Dave. This is encrypted using the KDC's long-term key. It also includes a copy of a session key that Dave can use to communicate with the KDC.
- The KDC responds to Dave with its TGT.
- Dave decrypts his key using his long-term key and the retrieved session key. His system creates a new request, which includes the TGT and the timestamp encrypted by the session key and service ID. Once the request is...
