Computer security relies on various access control mechanisms to prevent unauthorized users and malicious attackers from gaining access to shared computer resources. Typically, a user goes through a logon procedure in which the computer determines whether the user is authorized to use the computer. To access resources through a network, the user authenticates with a server that is responsible for authenticating users and controlling their access to the network resources. Typically, a single logon request obtains authorization to access both the computer and the network in one logon process.
In a domain-based network, users and machines within the domain are authenticated by a domain controller. The domain controller maintains a user account database and is responsible for authenticating the user by validating the user's credentials. A server receives a logon request and passes the user's credentials securely to the domain controller that is associated with the domain of the user's account. The domain controller validates the credentials and returns to the server those attributes of the user's account that the server can use in authorization decisions. This is commonly referred to as pass-through authentication since the user's authentication request is passed from the server to the domain controller.
Various authentication protocols can be used in a logon process. Within a domain, a user's machine may be using a legacy authentication protocol that is more susceptible to security risks and vulnerabilities than a more recent authentication protocol with stronger security mechanisms. Identifying the logon protocol that a user's machine uses to initiate a logon request is therefore important in maintaining a secure domain.