3.2 Example 2: Interactive Domain Logon - Service Ticket for Client Computer

The examples in the following subsections describe interactive domain logons to obtain service tickets. They build on the use case for Interactive Domain Logon: Service Ticket for Client Computer (section 2.5.3.1.1) by using a user name and password or an X.509 certificate.

Interactive domain logon can be performed several ways: through the Netlogon RPC interface [MS-NRPC] with password-based authentication, through Kerberos [MS-KILE] [RFC4120] with passwords, or through Kerberos PKINIT [MS-PKCA] [RFC4556] by using an X.509 certificate. The examples in the following subsections show the password-based and the X.509 certificate-based Kerberos exchanges.