redman20111
asked on
Kerberos and NTLM
Hi
We are using Windows 2003 AD.
We have many different applications, and some need to authenticate to AD using either Kerberos or NTLM.
Could someone please clear a few things up for me -
i. Which one is the 'preferred' authentication mechanism - Kerboros or NTLM?
ii. MS products such as Outlook, SharePoint etc - which one do they use?
iii. If I used a product like Wireshark for example, is it possible to see which authentication mechanism was being used?
iv. Are there any benefits to using Kerberos over NTLM (or vice-versa)
v. Which one is the 'newer' protocol?
vi. Can their ports be changed?
We are using Windows 2003 AD.
We have many different applications, and some need to authenticate to AD using either Kerberos or NTLM.
Could someone please clear a few things up for me -
i. Which one is the 'preferred' authentication mechanism - Kerboros or NTLM?
ii. MS products such as Outlook, SharePoint etc - which one do they use?
iii. If I used a product like Wireshark for example, is it possible to see which authentication mechanism was being used?
iv. Are there any benefits to using Kerberos over NTLM (or vice-versa)
v. Which one is the 'newer' protocol?
vi. Can their ports be changed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I can't think of NTLM advantages. Yes push vendors to use Kerberos and if they can't ask them why not. They have had plenty of time...the blog below is from 2006
http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx
Thanks
Mike
http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx
Thanks
Mike
ASKER
Thanks for the info...so if we had an application that used NTLM to authenticate, what are the downsides of that for us? Should we push the vendors to utilise Kerberos?
Or are there any advantages of NTLM over Kerberos?