CSOonline

Advanced authentication can’t cure all security ills

Many companies I work with are interested in beefing up end-user authentication. Usually, this means they’re considering going beyond the standard Windows name-and-password logon to bring in ...
Linux Journal

Centralized Authentication with Kerberos 5, Part I

Account administration in a distributed UNIX/Linux environment can become complicated and messy if done by hand. Large sites use special tools to deal with this problem. In this article, I describe ...
Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...
Computerworld

How to use Kerberos Authentication in a Mixed (Windows and Unix) Environment

The Kerberos authentication method originated at the Massachusetts Institute of Technology in the 1980s, as part of a project called Athena. The project involved integrating the computers on the MIT ...
Computer Weekly

Five steps to using the Kerberos protocol

The Kerberos authentication protocol is the default authentication protocol of Windows Server 2003. This section examines how the protocol works by breaking down the complexity of the protocol into ...
CSOonline

Don’t count on Kerberos to thwart pass-the-hash attacks

Several readers responded to my previous post on pass-the-hash attacks, asking if Kerberos authentication versus LANManager, NTLM, or NTLMv2 was an effective defense. It’s a good question, one that I ...
Bleeping Computer

Microsoft deprecates Windows NTLM authentication protocol

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the ...