Kerbose, NTLM and LDAP difference

NTLM: Authentication is the well-known and loved challenge-response authentication mechanism, using NTLM means that you really have no special configuration issues. As Microsoft likes to say, “It just works.”

Kerberos: It’s complex ticket-based authentication mechanism that authenticates the client to the server and authenticates the server to the client. While Kerberos is more secure, it can be a bit challenging to set up properly.
Win 2003 with the latest SP can be configured to use either NTLM or Kerberos . Well, besides being more secure, Kerberos has two key advantages that make it worth consideration.

LDAP: It is primarily a directory access protocol. They do different things. LDAP has a primitive authentication mechanism called “simple bind” that applications can use to verify credentials if they can’t handle other authentication protocols. It gets tricky because LDAP also includes an extensible authentication framework called SASL that allows alternate authentication protocols to be added.

Advantages of Kerberos: Better Security, Faster authentication, Mutual authentication, Kerberos is an open standard, Support for authentication delegation, Support for the smart card logon feature.

1. Performance – Kerberos caches information about the client after authentication. This means that it can perform better than NTLM particularly in large farm environments.

2. Delegation – Kerberos can delegate the client credentials from the front-end web server to other back-end servers like SQL Server.

 

Advertisements

One thought on “Kerbose, NTLM and LDAP difference

  1. Sean

    I appreciate these short descriptions. Wikipedia explains them as if you already know what they’re talking about, making it pretty hard to decipher; this was short and sweet.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s