March 27, 2011, 10:28 a.m.
posted by jin
Kerberos and the Public Key Infrastructure
Authenticating the identity of users during logon is the first step in gaining system access. For local machines not actively participating in a domain, Windows NT LAN Manager (NTLM) protocol is still used to verify a user's name and password. However, in domain environments Microsoft has coupled Active Directory services very closely with the emerging industry standard for authentication from MIT known as Kerberos. Once access is granted, keys are exchanged that permit specific access to other system resources in the domain. This combines underlying Kerberos technology with the Public Key Infrastructure (PKI).
Concepts surrounding both Kerberos and PKI are relatively new in Microsoft environments, and they are important technologies for system administrators to understand. This chapter provides both theoretical and hands-on examination of their implementation on systems running Windows Server 2003.