5.2 Authentication Methods

This section describes the authentication mechanisms used to validate connections that arrive over different protocols or ports. DSfW authenticates in different ways, depending on the type of authentication and on the protocol and port in use.

  • Login: When the user logs in, network authentication happens through Kerberos or NTLM.

  • LDAP over TCP: LDAP communication over the TCP protocol happens through Kerberos or NTLM with the help of the Simple Authentication and Security Layer (SASL) framework for authentication and data security.

  • LDAP over IPC: For LDAP communication over the IPC protocol, authentication and authorization are based on the process identity, represented by the effective UID of the connecting process. The local root user is granted full access and can assume the identity of other directory users by using the SASL-IPC External mechanism.

  • SMB: Authentication with SMB happens through Kerberos or NTLM.

  • RPC: Authentication with RPC happens through Kerberos or NTLM.

  • RPC portmapper: No authentication is required for communicating with the RPC portmapper server.

  • DNS: When a workstation is joined to the domain, the authentication happens through Kerberos. No authentication is required for a DNS lookup.

  • NTP: Authentication to NTP happens through MD5-based symmetric-key message authentication (MD5 is used here as a keyed hash, not for encryption).

  • rsync over SSH: Authentication for rsync data transmission over an SSH channel happens through Kerberos. The SSH channel connection is established by using the identity of the domain controller.