Book IX, Chapter 1: Fundamentals of Security
Understanding Authentication and Authorization
the user account database — which has a list of the usernames and passwords
allowed to access the system. If the username and password you type are in the
user account database, you are allowed to access the system. Otherwise, you
get an error message and are not allowed access.
Figure 1-6: A fingerprint reader is an example of biometrics used for authentication.
The name of the account database that stores the usernames and passwords
is different, depending on the environment. In a Microsoft network,
the account database is the Active Directory Database and resides on a
server known as a domain controller (shown in Figure 1-7).
Generating the access token
When you log on to a Microsoft network environment, the username and
password you type are placed in a logon request message that is sent to the
domain controller to be verified against the Active Directory Database. If
the username and password that you typed are correct, an access token is
generated for you. An access token is a piece of information that identifies
you and is associated with everything you do on the computer and network.
The access token contains your user account information and any groups
of which you are a member. When you try to access a resource on the
network, the user account and group membership in the access token are
compared against the permission list of a resource. If the user account in
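The logon and access-token flow described above can be modeled in a few lines. This is an added example, not code from the book or from Windows: it is a simplified model in which the account names, groups, the `SALES_SHARE_ACL` permission list and all function names are hypothetical. It goes slightly beyond the text by evaluating ordered allow and deny entries with a default of no access, which is how Windows-style permission lists are processed.

```python
import hashlib
import hmac
from dataclasses import dataclass

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: a stand-in for the account database (hypothetical users).
ACCOUNT_DB = {
    "alice": {"salt": b"a1", "hash": hash_password("correct horse", b"a1"), "groups": {"Sales", "Staff"}},
    "bob": {"salt": b"b2", "hash": hash_password("hunter2!", b"b2"), "groups": {"Staff", "Contractors"}},
}

@dataclass(frozen=True)
class AccessToken:
    user: str
    groups: frozenset

def logon(username, password):
    """Verify the logon request against the account database; return a token or None."""
    record = ACCOUNT_DB.get(username)
    if record is None or not hmac.compare_digest(hash_password(password, record["salt"]), record["hash"]):
        return None  # unknown user or wrong password: no token is generated
    return AccessToken(username, frozenset(record["groups"]))

# Constructed permission list for one resource: ordered entries, deny entries first.
SALES_SHARE_ACL = [
    ("deny", "Contractors", {"write"}),
    ("allow", "Sales", {"read", "write"}),
    ("allow", "Staff", {"read"}),
]

def access_check(token, acl, wanted):
    """Compare the token's user and groups against the permission list, in order."""
    principals = {token.user} | token.groups
    remaining = set(wanted)
    for kind, principal, rights in acl:
        if principal not in principals:
            continue  # entry does not apply to this token
        if kind == "deny" and remaining & rights:
            return False  # an applicable deny on a requested right ends the check
        if kind == "allow":
            remaining -= rights
        if not remaining:
            return True  # every requested right has been granted
    return False  # rights no entry granted are refused by default
```

Because the groups are copied into the token at logon, a change to group membership in the account database only takes effect in this model when a new token is issued.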