What is the difference between ntlm and windows authentication

Mutual authentication 3. Kerberos is an open standard 4. Support for authentication delegation. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Collectives on Stack Overflow. Learn more. Asked 10 years, 3 months ago. Active 5 years, 10 months ago. Viewed 26k times. How to implement these in IIS6 w.

Improve this question. Nitin S Nitin S 5, 9 9 gold badges 46 46 silver badges 86 86 bronze badges. See also serverfault. Add a comment. Active Oldest Votes. NTLM only requires the client to communicate with the web server in order to authenticate. The web server handles the communication with the domain controller. Last Updated : 12 Jun, Kerberos : Kerberos is a ticket based authentication system which is used for the authentication of users information while logging into the system.

Kerberos is based on symmetric key cryptography and depends on a reliable third party and works on the private key encryption during phases of authentication. Different versions of Kerberos are developed for enhancing security in the authentication. Kerberos is generally implemented in Microsoft products like Windows , Windows XP and later windows versions. NTLM is also based on symmetric key cryptography technology and needs resource servers to provide authentication, integrity, and confidentiality to users.

NTLM does not support delegation of authentication and two factor authentication. Attention reader! Contact a domain authentication service on the domain controller for the computer's or user's account domain, if the account is a domain account. Look up the computer's or user's account in the local account database, if the account is a local account. NTLM authentication is still supported and must be used for Windows authentication with systems configured as a member of a workgroup.

NTLM authentication is also used for local logon authentication on non-domain controllers. Kerberos version 5 authentication is the preferred authentication method for Active Directory environments, but a non-Microsoft or Microsoft application might still use NTLM. Reducing the usage of the NTLM protocol in an IT environment requires both the knowledge of deployed application requirements on NTLM and the strategies and steps necessary to configure computing environments to use other protocols.

In a domain, Kerberos is the default authentication protocol.