How Logon Agent identifies users

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Using Logon Agent for Transparent User Identification > How Logon Agent identifies users

How Logon Agent identifies users

51061 | Using Logon Agent | TRITON AP-WEB and Web Filter & Security | 12-Oct-2015

When users on supported Mac or Windows clients log on to a Windows domain, the logon application is invoked.

1.

The logon application contacts Logon Agent via HTTP.

2.

Logon Agent sends an NTLM authentication challenge, and the logon application provides a user name, hashed password, and IP address to Logon Agent.

3.

Logon Agent verifies the user name/password combination from the logon application by establishing a session with the domain controller. (Logon Agent contacts User Service to determine which domain controller is the logon source.)

4.

After verifying the user name/IP address pair, Logon Agent provides the information to Filtering Service and adds an entry to its user map in local memory. The user map is periodically saved to a backup file, AuthServer.bak.

5.

Filtering Service records user name/IP address pairs to its own copy of the user map in local memory. Filtering Service is not sent confidential information (such as user passwords).

If you use both Logon Agent and DC Agent, Logon Agent takes precedence. DC Agent communicates a logon session to Filtering Service only in the unlikely event that Logon Agent has missed one.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Using Logon Agent for Transparent User Identification > How Logon Agent identifies users

Copyright 2016 Forcepoint LLC. All rights reserved.