4. Enter and confirm the password, choose how you want the user to change the
password, and then click Next.
5. Review your choices, use Back if you need to make any changes, and click
Finish when the account is the way you want it.
By establishing this one user account in Active Directory, with the appropriate policies,
the user can sign on anywhere on the network, which may extend over the Internet,
and be authenticated.
Kerberos Authentication
Kerberos Version 5 is the default authentication protocol in Windows Server 2008, and
Kerberos, in several versions, is the default authentication protocol over much of the
Internet. This means that the same authentication routines in Windows Server 2008 can
validate both a local Windows Server 2008 client and an Internet-connected UNIX client.
Kerberos was originally developed by MIT for Internet authentication (http://web.mit
.edu/kerberos/www/). The specification for Kerberos Version 5 is maintained by the
Internet Engineering Task Force (IETF) and, along with an overview, is contained in
Request for Comment 1510 (see Chapter 5 for a discussion of RFCs), which is available
online at http://www.ietf.org/rfc/rfc1510.txt.
In addition to commonality with the Internet and numerous systems, Kerberos
provides another major benefit to Windows Server 2008 users. In other authentication
schemes, each time a user attempts to access a different network service, that service has
to go to the authentication server to confirm the authenticity of the user.
Pages:
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580