Kerberos and the Public Key Infrastructure






Authenticating the identity of users during logon is the first step in gaining system access. For local machines not actively participating in a domain, the Windows NT LAN Manager (NTLM) protocol is still used to verify a user's name and password. In domain environments, however, Microsoft has coupled Active Directory services very closely with Kerberos, the emerging industry standard for authentication from MIT. Once access is granted, keys are exchanged that permit specific access to other system resources in the domain. This combines underlying Kerberos technology with the Public Key Infrastructure (PKI).

The concepts surrounding both Kerberos and PKI are relatively new in Microsoft environments, and they are important technologies for system administrators to understand. This chapter provides both a theoretical and a hands-on examination of their implementation on systems running Windows Server 2003.

