Windows 集成 (NTLM) 身份验证与 Windows 集成 (Kerberos) 身份验证
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
![扫码二维码加入Web技术交流群](/public/img/jiaqun_03.jpg)
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
接受
或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
发布评论
评论(4)
这是一个很好的链接:
http://msdn.microsoft.com/en-us/ library/aa480475.aspx
另外,这将显示您是否启用了 kerberos(协商)(在您的网络服务器上):
注意:nnnn 是 MetaBase 站点 id
过去,kerberos 给我带来了一些问题(当用户拥有太多权限时),导致“400 Bad Request”错误,
请参阅:
http:// /blogs.technet.com/b/surama/archive/2009/04/06/kerberos-authentication-problem-with-active-directory.aspx
here's a good link:
http://msdn.microsoft.com/en-us/library/aa480475.aspx
Also this will show you if kerberos (Negotiate) is on (on your webserver) :
NOTE: nnnn is the MetaBase site id
in the past kerberos has caused me a few problems (when users have too many permissions) resulting in '400 Bad Request' errors
see:
http://blogs.technet.com/b/surama/archive/2009/04/06/kerberos-authentication-problem-with-active-directory.aspx
NTLM(Windows 质询/响应)是在包括运行 Windows 操作系统的系统和独立系统在内的网络上使用的身份验证协议。NTLM 凭据基于交互式登录过程中获取的数据,由域名、用户名和用户名组成。名称和用户密码的单向哈希值。
Kerberos 是一种计算机网络身份验证协议,它基于票证工作,允许通过非安全网络进行通信的节点以安全的方式相互证明其身份。它基于客户端-服务器模型工作,并提供相互身份验证 -用户和服务器双方验证对方的身份。
请参阅以下链接以获取清晰的信息。
http://msdn.microsoft。 com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx
http://technet.microsoft.com/en-us/库/cc780469(v=ws.10).aspx
http://windowsitpro.com/security/comparing-windows-kerberos-and -ntlm-身份验证协议
NTLM (Windows Challenge/Response) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems.NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user's password.
Kerberos is a computer network authentication protocol which works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.It works based on client–server model and it provides mutual authentication—both the user and the server verify each other's identity.
Refer the below links to get clear information.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx
http://technet.microsoft.com/en-us/library/cc780469(v=ws.10).aspx
http://windowsitpro.com/security/comparing-windows-kerberos-and-ntlm-authentication-protocols
Kerberos 可以被认为是比 NTLM 更好的选择:
1. 更快的身份验证
2. 相互认证
3.Kerberos是一个开放标准
4. 支持身份验证委派
以下链接是我研究此主题时的最佳答案:
比较 Windows Kerberos 和 NTLM 身份验证协议
Kerberos could be considered as a better option than NTLM:
1. Faster authentication
2. Mutual authentication
3. Kerberos is an open standard
4. Support for authentication delegation
Following link is the best answer as i researched on this topic:
Comparing Windows Kerberos and NTLM Authentication Protocols
Kerberos 和 NTLM 是不同的算法,用于验证用户密码,而不向服务器泄露密码。有关 NTLM 和 Kerberos 在维基百科上。
如果启用 Windows 身份验证,通常会首选 Kerberos,如果该身份验证不可用,则会回退到 NTLM。
Kerberos and NTLM are different algorithms for validating a user's password, without reveiling the password to the server. More info about NTLM and Kerberos at Wikipedia.
If you enable Windows authentication, Kerberos will normally be preferred and if that is not available it will fall back to NTLM.