NTLM Authentication
1. NTLM (Windows Challenge/Response) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems.
2. Credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user’s password.
3. It uses an encrypted challenge/response protocol to authenticate a user without sending the user’s password over the wire.
4. Interactive NTLM authentication over a network typically involves two systems: a client system, where the user is requesting authentication, and a domain controller, where information related to the user’s password is kept.
5. Non Interactive authentication, which may be required to permit an already logged-on user to access a resource such as a server application, typically involves three systems: a client, a server, and a domain controller that does the authentication calculations on behalf of the server.
Kerberos Authentication
1. Kerberos is a computer network authentication protocol which works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
2. It works based on client–server model and it provides mutual authentication—both the user and the server verify each other’s identity.
3. When a server gets Kerberos authentication information from a client, the server has enough information to authenticate the client, thereby Kerberos doesn’t need pass-through authentication and therefore accelerates the authentication process.
4. It supports for authentication delegation. Windows services impersonate a client when accessing resources on the client’s behalf. In many cases, a service can complete its work for the client by accessing resources on the local computer.
5. Starting with Win2K, Microsoft implements Kerberos as the default authentication protocol for the Windows OS.
Thanks,
Morgan
Software Developer