A client can connect to the server in several ways, depending on the current configuration of the server. Each login script can be carried out by one or more login methods.

Login methods:

  1. Kerberos
    • Both user (user computer) and server must exist in the same domain.
    • A currently logged in user is verified.
    • Multiple data exchanges take place between server and client.
    • Name and password are not transferred.
  2. NTML_Server
    • The user enters the name and password for the domain.
    • The name and the password, encrypted with AES-128 (192, 256), are transferred to the server to be decrypted and verified.
    • The encryption key is different every time (the key is generated by the Diffie-Hellman algorithm).
  3. Custom
    • The user enters a name and password from the list of D2LL.
    • The password is hashed with the SHA-256 algorithm (plus a hash containing a constant from the server, for security) and sent to the listener together with the name.

Login scripts

  1. Under the domain user account:
    • The Listener verifies whether the user is a part of the domain.
    • The server part of a module is started under the user account.
  2. User is verified in domain:
    • The server part is started in the context of the user under which the Listener is activated.
    • The user must be a member of some group in the domain (ActiveDirectory).
      • The group name is in the configuration of the listener.
    • Login method: 1, 2
  3. User is verified in the list of users on the server:
    • The server part is started in the context of the user under which it is running.
    • The user must exist in the list of users on the target computer:
      1. This list is configured by d2ll when it is started with the parameter /D2LL+AED (a configuration window will open).
      2. The list may be imported from a file when d2ll is started with the parameter /D2LL+AIM file_name.
      3. After each start, the list is exported to the file kom.security, which can be used on another D2LL.
      4. The list contains both domain and local users. It is bound neither to a specific domain nor to a specific computer.
    • Login method: 1, 2
  4. Custom list of users (in XML) – D2EM log in:
    • The server part of the module is started in the context of the user under which the Listener is activated.
    • The file d2emusers.xml is loaded when d2ll is started. It contains the list of users and their passwords hashed with SHA-256, in hexadecimal notation (64 characters).
    • Login method: 3
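
A sketch of how a listener could check a Custom (method 3) login against stored SHA-256 hashes, as an added example that is not D2000 code. Assumptions: the proof is SHA-256(server constant || stored hex hash), the constant is a fresh random value per attempt, all class and function names are hypothetical, and a plain dict stands in for the list loaded from d2emusers.xml.

```python
import hashlib
import hmac
import re
import secrets

HEX64 = re.compile(r"[0-9a-fA-F]{64}")  # SHA-256 in hex is exactly 64 characters


def password_hash(password: str) -> str:
    """SHA-256 of the password as 64 hex characters (the stored form)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def login_proof(stored_hash: str, server_constant: bytes) -> str:
    """Assumed construction: SHA-256(server constant || stored hex hash)."""
    data = server_constant + stored_hash.lower().encode("ascii")
    return hashlib.sha256(data).hexdigest()


class Listener:
    def __init__(self, users: dict):
        # Reject malformed entries at load time instead of at login time.
        bad = [n for n, h in users.items() if not HEX64.fullmatch(h)]
        if bad:
            raise ValueError(f"invalid SHA-256 hex for: {bad}")
        self._users = {n: h.lower() for n, h in users.items()}
        self._pending = {}

    def challenge(self, session_id: str) -> bytes:
        """Issue a fresh constant so a captured proof cannot be replayed."""
        self._pending[session_id] = secrets.token_bytes(16)
        return self._pending[session_id]

    def verify(self, session_id: str, name: str, proof: str) -> bool:
        constant = self._pending.pop(session_id, None)  # single use
        if constant is None:
            return False
        # Unknown users get a dummy hash so both paths do the same work.
        stored = self._users.get(name, "0" * 64)
        expected = login_proof(stored, constant)
        ok = hmac.compare_digest(expected.encode(), proof.lower().encode())
        return ok and name in self._users
```

The stored hash is what the proof is computed from, so the user list file needs the same access protection as the passwords themselves.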
