Figure 2–1 shows the steps involved in authenticating a client by using a name and password. The figure assumes the following points.
The user has already decided to trust the system, either without authentication, or on the basis of server authentication via SSL.
The user has requested a resource controlled by the server.
The server requires client authentication before permitting access to the requested resource.
In Figure 2–1, password authentication is performed in the following steps.
The user enters a name and password.
For the LDAP bind to Directory Server, the client application must bind with a Distinguished Name. Therefore the client application may use the name entered by the user to retrieve the DN.
The client sends the DN and password across the network.
The server determines whether the password sent from the client matches the password stored for the entry with the DN sent from the client.
If so, the server accepts the credentials as evidence authenticating the user identity.
The server determines whether the identified user is permitted to access the requested resource.
If so, the server allows the client to access the resource.