| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: pass-through credentials |
From: "Hrvoje Mesing"
"John Beckett" wrote
in message news:a3iai1te0b0o8m43samn899ej9fqc9a46o{at}4ax.com...
> If a domain user at a workstation accesses a share on a server, the
> workstation sends the user's credentials to the server. In principle, the
> server asks a domain controller to authenticate the user (in practice,
> using Kerberos, the client sends the server all it needs). This is a
> transitive network logon.
>
> Probably in the context that you are wondering about, a domain user at a
> workstation runs a client app that sends a request to server1. To fulfill
> the request, server1 asks server2 to do something (e.g. a database
> transaction). Server1 uses the user's credentials when sending the request
> to server2, so the transaction is executed with the privilege of the user,
> not the privilege of server1 or server2. That process is known as
> delegation of authentication. The client authorises server1 to represent
> the client. A domain admin has to specify that server1 is trusted to
> perform delegation (i.e. the software running on server1 is known to be
> good, and won't misuse its ability to authenticate as users).
-+-
Very nice!
-+-
M.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.