Microsoft made an important announcement today: it will launch a new transition plan to deprecate NTLM authentication and encourage more enterprises and users to adopt the Kerberos authentication system.
In the press release, Microsoft made it clear that Kerberos provides higher security and is more scalable than traditional NTLM, so it has become the preferred default authentication protocol for Windows systems. Although enterprises can choose to turn off NTLM authentication, doing so may cause problems for applications and services that are hard-coded to use NTLM. To solve this problem, Microsoft has introduced two new authentication features.
First, Microsoft has launched "Initial and Pass Through Authentication Using Kerberos (IAKerb)", which allows clients that cannot connect directly to a domain controller to authenticate through a server that does have line of sight to the domain controller. This feature gives enterprises greater flexibility and enables Kerberos authentication to be used in a wider range of scenarios.
Secondly, Microsoft introduced a local Key Distribution Center (KDC) for Kerberos to add authentication support for local accounts. This move further consolidates Kerberos's status as the only identity authentication protocol for Windows systems. The launch of these two new features will help accelerate the transition of enterprises and users to Kerberos authentication and improve the overall security of the system.
According to the editor's understanding, NTLM is a Microsoft-specific authentication protocol. Like its predecessor LanMan, it uses a challenge/response model to authenticate users and computers without transmitting a password or password hash over the network. With the implementation of Microsoft's transition plan, Kerberos will gradually replace NTLM, providing stronger security and scalability. This move will help promote security and performance improvements throughout the Windows ecosystem.