Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
An operating system can support several authentication protocols, such as NT LAN Manager (NTLM) Authentication Protocol, Kerberos, Secure Sockets Layer (SSL)/Transport Layer Security (TLS), and Digest authentication. APDS is used by NT LAN Manager (NTLM) and the Digest validation protocol to validate the user's credentials at the domain controller. The Kerberos protocol uses APDS to perform the required communication for privilege attribute certificate (PAC) validation.
All these protocols can be supported by any server and rely only on a local user account database except for Kerberos that relies on a mutually trusted third-party called Key Distribution Center (KDC) [MS-KILE]. Therefore, specifications for these protocols can stand entirely on their own. However, in a domain context, when the server is a member of a domain and relies on the domain account database, the domain controller contributes to the authentication and authorization processes. Domain members use the Netlogon Remote Protocol [MS-NRPC] to communicate with the domain controller for purposes of authentication and authorization.
The implementations of these authentication protocols use a variety of methods to communicate with the domain controller in the course of their executions. These methods, collectively referred to as Authentication Protocol Domain Support, are specified in this document.
Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.