How does the selective auth functionality work & is it useful for us?
Selective authentication is just a mapping. It can be thought of as an additional filter layer in the KDC’s internal logic that limits which clients may be granted service tickets to certain resources. It is worth noting that authentication does not imply authorization, so resources are still secured in their usual manner (NTFS permissions for files, various internal authZ models for apps, etc.). Selective authentication just adds an additional layer of protection and selectivity, whereby client principals aren’t even allowed to “introduce themselves” to service principals unless specifically allowed for in the selective authentication mapping. See the TechNet description for more info.