Windows Integrated (NTLM) authentication vs. Windows Integrated (Kerberos) authentication

Posted on 2024-11-24 12:59:59

What is the difference between Windows integrated (NTLM) authentication and Windows integrated (Kerberos)?

How to implement these in IIS6 w.r.t. MSDN?

Comments (4)

饮惑 2024-12-01 13:00:00

Here's a good link:

http://msdn.microsoft.com/en-us/library/aa480475.aspx

Also, this will show you if Kerberos (Negotiate) is on (on your web server):

cscript adsutil.vbs get w3svc/nnn/NTAuthenticationProviders

NOTE: nnn is the MetaBase site id

In the past Kerberos has caused me a few problems (when users have too many permissions), resulting in '400 Bad Request' errors.

see:
http://blogs.technet.com/b/surama/archive/2009/04/06/kerberos-authentication-problem-with-active-directory.aspx

夜深人未静 2024-12-01 13:00:00

NTLM (Windows Challenge/Response) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user's password.

Kerberos is a computer network authentication protocol which works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It works based on a client–server model and it provides mutual authentication—both the user and the server verify each other's identity.

Refer to the links below to get clear information.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx

http://technet.microsoft.com/en-us/library/cc780469(v=ws.10).aspx

http://windowsitpro.com/security/comparing-windows-kerberos-and-ntlm-authentication-protocols

憧憬巴黎街头的黎明 2024-12-01 13:00:00

Kerberos could be considered as a better option than NTLM:
1. Faster authentication
2. Mutual authentication
3. Kerberos is an open standard
4. Support for authentication delegation

The following link is the best answer as I researched this topic:

Comparing Windows Kerberos and NTLM Authentication Protocols

So尛奶瓶 2024-12-01 12:59:59

Kerberos and NTLM are different algorithms for validating a user's password, without revealing the password to the server. More info about NTLM and Kerberos at Wikipedia.

If you enable Windows authentication, Kerberos will normally be preferred and if that is not available it will fall back to NTLM.

  • NTLM only requires the client to communicate with the web server in order to authenticate. The web server handles the communication with the domain controller. This is an advantage with publicly available sites where a DC cannot be reached from the Internet. Unfortunately the cryptography used by NTLM is outdated and can no longer be considered secure. NTLM should only be used over https.
  • Kerberos requires the client to get a ticket from the domain controller, which makes it more suitable for Intranet scenarios. Kerberos is however more secure and can handle delegation, where the web server can access other resources (e.g. a file server) using the client's identity.
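
The answers above note that the Negotiate provider prefers Kerberos and falls back to NTLM. The following is an added example, not part of the original answers, that tells which protocol a client actually used by inspecting the token in an `Authorization` header. The function name and the sample tokens are constructed for illustration, and the substring checks are a heuristic rather than a full ASN.1 parse.

```python
import base64
import binascii
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs (tag 0x06, length, value)
OID_SPNEGO = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify_auth_header(value):
    """Return (http_scheme, protocol, detail) for the value of an
    Authorization or WWW-Authenticate header (hypothetical helper)."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return (scheme, "other", "")
    if not b64.strip():
        return (scheme, "offer", "no token yet")
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return (scheme, "invalid", "not base64")
    # Check the NTLMSSP signature first: a SPNEGO token that merely lists
    # NTLM as a fallback carries the NTLM OID, not this signature.
    pos = token.find(NTLMSSP_SIG)
    if pos != -1 and len(token) >= pos + 12:
        msg_type = struct.unpack_from("<I", token, pos + 8)[0]
        wrap = "SPNEGO-wrapped" if pos else "raw"
        return (scheme, "NTLM", f"{wrap} {NTLM_TYPES.get(msg_type, 'unknown type')}")
    if OID_KRB5 in token or OID_MS_KRB5 in token:
        return (scheme, "Kerberos", "SPNEGO" if OID_SPNEGO in token else "GSS-API")
    return (scheme, "unknown", "")


def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed samples (not captured traffic; the Kerberos one is truncated).
SAMPLE_NTLM_FALLBACK = "Negotiate " + _b64(NTLMSSP_SIG + struct.pack("<II", 1, 0))
SAMPLE_KERBEROS = "Negotiate " + _b64(
    b"\x60\x1c" + OID_SPNEGO + b"\xa0\x12\x30\x10\xa0\x0e\x30\x0c" + OID_KRB5)
SAMPLE_NTLM_TYPE3 = "NTLM " + _b64(NTLMSSP_SIG + struct.pack("<I", 3) + b"\x00" * 52)

if __name__ == "__main__":
    for h in (SAMPLE_NTLM_FALLBACK, SAMPLE_KERBEROS, SAMPLE_NTLM_TYPE3, "Negotiate"):
        print(classify_auth_header(h))
```

A `Negotiate` header classified as NTLM means the client fell back, which on an intranet site usually points at a missing SPN, a DC the client cannot reach, or access by IP address.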