The Directory Server NT Authentication Module project is made of two parts: The first is a simple daemon which takes an NT user's domain credentials (including password) and attempts to authenticate via the SMB protocol with those credentials. The second part is a plugin which takes an LDAP DN and password and discovers the DN's NT domain identifier (if the entry has such an ID). The daemon will only listen on localhost, so the credentials are not exposed via the network, and it does not run as root, so that compromise can be limited. It attempts to locate all the domain controllers for an arbitrary domain, so failure of one DC does not cause the module to fail the authentication attempt unless no DC can be found that will accept the credential.
|Tags||Internet Database Database Engines/Servers|
|Operating Systems||POSIX HP-UX Linux|