본문 바로가기
2011.12.24 05:40

NTLM VS Kerberos

조회 수 5911 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print
NTLM Authentication: Challenge- Response mechanism.


In the NTLM protocol, the client sends the user name to the server; the server generates and sends a challenge to the client; the client encrypts that challenge using the user’s password; and the client sends a response to the server.If it is a local user account, server validate user’s response by looking into the Security Account Manager; if domain user account, server forward the response to domain controller for validating and retrive group policy of the user account, then construct an access token and establish a session for the use.


Kerberos authentication: Trust-Third-Party Scheme.


Kerberos authentication provides a mechanism for mutual authentication between a client and a server on an open network.The three heads of Kerberos comprise the Key Distribution Center (KDC), the client user and the server with the desired service to access. The KDC is installed as part of the domain controller and performs two service functions: the Authentication Service (AS) and the Ticket-Granting Service (TGS). When the client user log on to the network, it request a Ticket Grant Ticket(TGT) from the AS in the user’s domain; then when client want to access the network resources, it presents the TGT, an authenticator and Server Principal Name(SPN) of the target server, contact the TGS in the service account domain to retrive a session ticket for future communication w/ the network service, once the target server validate the authenticator, it create an access token for the client user.


Title
List of Articles
번호 제목 글쓴이 날짜 조회 수
92 Selecting an 802.1X EAP Method: Access Point Considerations Hojung 2015.04.22 2943
91 Good Article about Hotspot Logins with Wi-Fi Devices Hojung 2015.04.20 3140
90 How does 802.1X help wireless security? Hojung 2015.04.22 3191
89 Wireless LAN (Wi-Fi): Standard and Basic Terms file Hojung 2015.04.20 3436
88 Ports used for SNMP Trap and Poll file Hojung 2014.08.22 3856
87 SMTP Client with SSL/TLS Hojung 2013.04.23 4335
86 TCP sessions with untrusted cert file Hojung 2012.02.24 5394
85 Finding the optimal TCPIP receive window size Hojung 2009.07.15 5516
84 QoS lecture from Youtube Hojung 2012.01.05 5670
» NTLM VS Kerberos Hojung 2011.12.24 5911
82 Wi-Fi WPA2 AES(CCMP) 암호화 알고리즘 file Hojung 2015.04.20 6204
81 SOAP 기반 웹서비스와 RESTful 기반 웹서비스 Hojung 2011.12.25 6268
80 Path MTU 와 ICMP Filtering 과의 관계 Hojung 2012.09.20 6411
79 What is SOA? What is REST? Hojung 2011.12.25 6471
78 EAP-AKA 기반의 인증 및 인터넷 접속 흐름 file Hojung 2015.04.20 6548
77 IPSec Overview (good) Hojung 2011.10.19 6672
76 LDAP or RADIUS? (Good) Hojung 2011.12.23 6684
75 [switch vs bridge]5탄 - Cast가 뭐지? Hojung 2007.12.04 7025
74 [switch vs bridge]11탄 - STP 대모험(3) Hojung 2007.12.04 7085
73 [switch vs bridge]12탄 - STP 대모험(최종판) Hojung 2007.12.04 7098
Board Pagination ‹ Prev 1 2 3 4 5 Next ›
/ 5

Designed by sketchbooks.co.kr / sketchbook5 board skin

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5