How Logon Agent identifies users
51061 | Using Logon Agent | TRITON AP-WEB and Web Filter & Security | 12-Oct-2015
When users on supported Mac or Windows clients log on to a Windows domain, the logon application is invoked.
1. The logon application contacts Logon Agent via HTTP.
2. Logon Agent sends an NTLM authentication challenge, and the logon application provides a user name, hashed password, and IP address to Logon Agent.
3. Logon Agent verifies the user name/password combination from the logon application by establishing a session with the domain controller. (Logon Agent contacts User Service to determine which domain controller is the logon source.)
4. After verifying the user name/IP address pair, Logon Agent provides the information to Filtering Service and adds an entry to its user map in local memory. The user map is periodically saved to a backup file, AuthServer.bak.
5. Filtering Service records user name/IP address pairs to its own copy of the user map in local memory. Filtering Service is not sent confidential information (such as user passwords).
If you use both Logon Agent and DC Agent, Logon Agent takes precedence. DC Agent communicates a logon session to Filtering Service only in the unlikely event that Logon Agent has missed one.
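Step 2 says the logon application answers the NTLM challenge with a user name and a hashed password. The following added example (not Forcepoint code) parses an NTLM type 3 message to show what such a response carries: the user name and domain in the clear, and a challenge response rather than the password. It assumes the standard NTLMSSP message layout carried in an HTTP "Authorization: NTLM" header, which this page does not document for Logon Agent; build_sample, the user jdoe, the domain and the workstation name are constructed.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when this flag is set

def _field(msg, pos):
    """Read a (length, max length, offset) descriptor at pos and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def parse_authenticate(header_value):
    """Parse the value of an 'Authorization: NTLM <base64>' header (type 3)."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM page assumed
    nt = _field(msg, 20)  # response computed from the password hash and challenge
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "nt_response_len": len(nt),
        "ntlmv2": len(nt) > 24,  # an NTLMv1 response is exactly 24 bytes
    }

def build_sample():
    """Constructed type 3 message; the response bytes are filler, not real."""
    payloads = [b"\x00" * 24, b"\xaa" * 40,  # LM response, NT response
                "EXAMPLE".encode("utf-16-le"), "jdoe".encode("utf-16-le"),
                "WKSTN01".encode("utf-16-le"), b""]  # last: session key (empty)
    header, body, offset = SIGNATURE + struct.pack("<I", 3), b"", 64
    for p in payloads:
        header += struct.pack("<HHI", len(p), len(p), offset)
        body += p
        offset += len(p)
    header += struct.pack("<I", NEGOTIATE_UNICODE)
    return "NTLM " + base64.b64encode(header + body).decode()

if __name__ == "__main__":
    print(parse_authenticate(build_sample()))
```

The parsed fields contain no client IP address; that value is not part of an NTLM message, so it has to reach Logon Agent some other way.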
Copyright 2016 Forcepoint LLC. All rights reserved.