Objective 4.1: Plan and Configure Authentication

Authentication is the process by which credentials are validated. Windows Server 2003 uses several different authentication protocols, including NTLM and NTLMv2, Kerberos v5, Secure Sockets Layer/Transport Layer Security SSL/TLS, Digest authentication, and .NET Passport, to authenticate access to Web services. Some of these protocols can also be used to validate logons. Windows Server 2003 can be configured with several types of trust relationships. Like Windows 2000 Server, Windows Server 2003 can be configured with two-way external trusts between domains. This means that objects in one domain can be given permission to resources in another domain. Windows Server 2003 also introduces the forest trust. Unlike an external trust, a forest trust ensures that every domain in one forest trusts every domain in another forest. This greatly simplifies the administration of trust relationships because in the past individual external trusts needed to be set up between all domains in different forests to achieve a similar result. All members of a Windows Server 2003 forest have an automatic trust relationship that does not need to be configured, because it is created when a child domain domain controller is installed in a forest.