<div>
Hello Mike<br />
<br />
Thanks for the info...so if we had an application that used NTLM to authenticate, what are the downsides of that for us? Should we push the vendors to utilise Kerberos?<br />
<br />
Or are there any advantages of NTLM over Kerberos?
</div>


Hello Mike

Thanks for the info...so if we had an application that used NTLM to authenticate, what are the downsides of that for us? Should we push the vendors to utilise Kerberos?

Or are there any advantages of NTLM over Kerberos?

<div>
I can't think of NTLM advantages. &nbsp; Yes push vendors to use Kerberos and if they can't ask them why not. &nbsp; They have had plenty of time...the blog below is from 2006<br />
<br />
<a href="http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx" rel="ugc">http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx</a><br />
<br />
<br />
Thanks<br />
<br />
Mike
</div>


I can't think of NTLM advantages.   Yes push vendors to use Kerberos and if they can't ask them why not.   They have had plenty of time...the blog below is from 2006

http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx [http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx]


Thanks

Mike

<div>
<div class="content wysiwyg-content">
Hi<br />
<br />
We are using Windows 2003 AD.<br />
<br />
We have many different applications, and some need to authenticate to AD using either Kerberos or NTLM.<br />
<br />
Could someone please clear a few things up for me - <br />
<br />
i. Which one is the 'preferred' authentication mechanism - Kerboros or NTLM?<br />
<br />
ii. MS products such as Outlook, SharePoint etc - which one do they use?<br />
<br />
iii. If I used a product like Wireshark for example, is it possible to see which authentication mechanism was being used?<br />
<br />
iv. Are there any benefits to using Kerberos over NTLM (or vice-versa)<br />
<br />
v. Which one is the 'newer' protocol?<br />
<br />
vi. Can their ports be changed?
</div>
</div>


Hi

We are using Windows 2003 AD.

We have many different applications, and some need to authenticate to AD using either Kerberos or NTLM.

Could someone please clear a few things up for me - 

i. Which one is the 'preferred' authentication mechanism - Kerboros or NTLM?

ii. MS products such as Outlook, SharePoint etc - which one do they use?

iii. If I used a product like Wireshark for example, is it possible to see which authentication mechanism was being used?

iv. Are there any benefits to using Kerberos over NTLM (or vice-versa)

v. Which one is the 'newer' protocol?

vi. Can their ports be changed?

Kerberos and NTLM

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.