NTLM: Authentication is the well-known and loved challenge-response authentication mechanism, using NTLM means that you really have no special configuration issues. As Microsoft likes to say, “It just works.”
Kerberos: It’s complex ticket-based authentication mechanism that authenticates the client to the server and authenticates the server to the client. While Kerberos is more secure, it can be a bit challenging to set up properly.
Win 2003 with the latest SP can be configured to use either NTLM or Kerberos . Well, besides being more secure, Kerberos has two key advantages that make it worth consideration.
LDAP: It is primarily a directory access protocol. They do different things. LDAP has a primitive authentication mechanism called “simple bind” that applications can use to verify credentials if they can’t handle other authentication protocols. It gets tricky because LDAP also includes an extensible authentication framework called SASL that allows alternate authentication protocols to be added.
Advantages of Kerberos: Better Security, Faster authentication, Mutual authentication, Kerberos is an open standard, Support for authentication delegation, Support for the smart card logon feature.
1. Performance – Kerberos caches information about the client after authentication. This means that it can perform better than NTLM particularly in large farm environments.
2. Delegation – Kerberos can delegate the client credentials from the front-end web server to other back-end servers like SQL Server.