본문 바로가기
2011.12.24 05:40

NTLM VS Kerberos

조회 수 5538 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print
NTLM Authentication: Challenge- Response mechanism.


In the NTLM protocol, the client sends the user name to the server; the server generates and sends a challenge to the client; the client encrypts that challenge using the user’s password; and the client sends a response to the server.If it is a local user account, server validate user’s response by looking into the Security Account Manager; if domain user account, server forward the response to domain controller for validating and retrive group policy of the user account, then construct an access token and establish a session for the use.


Kerberos authentication: Trust-Third-Party Scheme.


Kerberos authentication provides a mechanism for mutual authentication between a client and a server on an open network.The three heads of Kerberos comprise the Key Distribution Center (KDC), the client user and the server with the desired service to access. The KDC is installed as part of the domain controller and performs two service functions: the Authentication Service (AS) and the Ticket-Granting Service (TGS). When the client user log on to the network, it request a Ticket Grant Ticket(TGT) from the AS in the user’s domain; then when client want to access the network resources, it presents the TGT, an authenticator and Server Principal Name(SPN) of the target server, contact the TGS in the service account domain to retrive a session ticket for future communication w/ the network service, once the target server validate the authenticator, it create an access token for the client user.


Title
List of Articles
번호 제목 글쓴이 날짜 조회 수
92 Selecting an 802.1X EAP Method: Access Point Considerations Hojung 2015.04.22 2439
91 How does 802.1X help wireless security? Hojung 2015.04.22 2655
90 EAP-AKA 기반의 인증 및 인터넷 접속 흐름 file Hojung 2015.04.20 5583
89 Wi-Fi WPA2 AES(CCMP) 암호화 알고리즘 file Hojung 2015.04.20 5112
88 Good Article about Hotspot Logins with Wi-Fi Devices Hojung 2015.04.20 2571
87 Wireless LAN (Wi-Fi): Standard and Basic Terms file Hojung 2015.04.20 2848
86 Ports used for SNMP Trap and Poll file Hojung 2014.08.22 3368
85 SMTP Client with SSL/TLS Hojung 2013.04.23 3920
84 How to extract original file from pcap (wireshark) file Hojung 2013.02.26 6985
83 웹브라우저에서 인증서 보안경고 후 계속 진행시 다시 액세스함 file Hojung 2012.12.24 6747
82 Path MTU 와 ICMP Filtering 과의 관계 Hojung 2012.09.20 5904
81 TCP sessions with untrusted cert file Hojung 2012.02.24 4871
80 IP Fragmentation을 이용한 공격기술들 file Hojung 2012.02.24 6339
79 XML, SOAP, WSDL, UDDI 설명 (Good) Hojung 2012.02.02 18896
78 QoS lecture from Youtube Hojung 2012.01.05 5260
77 What is SOA? What is REST? Hojung 2011.12.25 6039
76 SOAP 기반 웹서비스와 RESTful 기반 웹서비스 Hojung 2011.12.25 5863
» NTLM VS Kerberos Hojung 2011.12.24 5538
74 LDAP or RADIUS? (Good) Hojung 2011.12.23 6218
73 IPSec Overview (good) Hojung 2011.10.19 6133
Board Pagination ‹ Prev 1 2 3 4 5 Next ›
/ 5

Designed by sketchbooks.co.kr / sketchbook5 board skin

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5