CNT123 Chapter 08 Keywords
timestamp
A record of the time a message is sent; used in Kerberos authentication. See also Kerberos.
managed service account (MSA)
A service account that enables administrators to manage rights and permissions for services with password management handled automatically.
virtual account
A simple type of service account that doesn't need to be created, deleted, or managed by an administrator.
Key Distribution Center (KDC)
A component of Kerberos that uses the Active Directory database to store keys for encrypting and decrypting data in the authentication process. See also Kerberos.
Security Accounts Manager (SAM) database
A database on stand-alone and member computers that holds local user and group account information.
ticket-granting ticket (TGT)
A digital message used by Kerberos; grants an account access to the issuing domain controller and is used to request a service ticket without having to authenticate again. See also Kerberos.
service ticket
A digital message used by Kerberos; requested by an account when it wants to access a network resource, such as a shared folder. See also Kerberos.
Kerberos delegation
A feature of the Kerberos authentication protocol that allows a service to impersonate a client, relieving the client from having to authenticate to more than one service.
service principal name (SPN)
A name that uniquely identifies a service instance to a client.
GPO scope
A property of GPO processing that defines which objects a GPO affects.
group managed service account (gMSA)
A specially configured managed service account that provides the same functions but can be managed across multiple servers. See also managed service account (MSA).
mutual authentication
A type of authentication in which the identities of both the client and server are verified.
constrained delegation
A type of delegation that limits the delegation to specific services running on specific computers. See also Kerberos delegation.
service account
A user account that Windows services use to log on with a specific set of rights and permissions.
password settings object (PSO)
An Active Directory object that enables an administrator to configure password settings for users or groups that are different from those defined in a GPO linked to the domain.
Kerberos
The authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources; also the basis for authorization to network resources in a Windows domain.