Who actually authenticates users?

i was wondering, who actually authenticates users?

In my setup the first factor to login to the system are the LDAP-credentials, but im not shure how this flow works.

As what i think is happening is (in verry simple terminiolgy) that the privacyidea system searches for the user in the AD and asks the DC to authenticate the user via kerberos and let the privacyidea system know if the credentials are valid or not.
Or does the privacyidea system does this bij itself by comparing password hashes?

Or is it something completly different?

From what i see if i capture the traffic it seems like privacyidea tries to authenticate the user, in this case 'Fanny Willen" by authenticate them via the ntlm process.

If someone can explain this flow to me please.

Kind regards

As you can see it is an LDAP bindRequest — not Kerberos.

It can be simpleBind or NTLM.