
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

Kerberos is an authentication protocol that is used to verify the identity of a user or host. This topic contains information about Kerberos authentication in Windows Server 2012 and Windows 8.

The Windows Server operating systems implement the Kerberos version 5 authentication protocol and extensions for public key authentication, transporting authorization data, and delegation. The Kerberos authentication client is implemented as a security support provider (SSP), and it can be accessed through the Security Support Provider Interface (SSPI). Initial user authentication is integrated with the Winlogon single sign-on architecture.

The Kerberos Key Distribution Center (KDC) is integrated with other Windows Server security services that run on the domain controller. The KDC uses the domain's Active Directory Domain Services database as its security account database. Active Directory Domain Services is required for default Kerberos implementations within the domain or forest.

The benefits gained by using Kerberos for domain-based authentication are:

The implementation of the Kerberos V5 protocol by Microsoft is based on standards-track specifications that are recommended to the Internet Engineering Task Force (IETF).

After initial domain sign-on through Winlogon, Kerberos manages the credentials throughout the forest whenever access to resources is attempted. Using Kerberos authentication within a domain or in a forest allows the user or service access to resources permitted by administrators without multiple requests for credentials.

Services that run on Windows operating systems can impersonate a client computer when accessing resources on the client's behalf. In many cases, a service can complete its work for the client by accessing resources on the local computer. When a client computer authenticates to the service, the NTLM and Kerberos protocols provide the authorization information that a service needs to impersonate the client computer locally. However, some distributed applications are designed so that a front-end service must use the client computer's identity when it connects to back-end services on other computers. Kerberos authentication supports a delegation mechanism that enables a service to act on behalf of its client when connecting to other services.
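A defender's check on the delegation mechanism described above, as an added example that is not part of the original documentation: it goes beyond the text by decoding the documented `userAccountControl` delegation flags and the `msDS-AllowedToDelegateTo` attribute from a directory export, to list which accounts may act on behalf of clients. The account records, the record layout and the `privileged` field are constructed assumptions.

```python
# Added example: offline review of Kerberos delegation settings.
# ACCOUNTS is constructed sample data, not output from a real directory.

# userAccountControl bit flags (documented Active Directory values).
SERVER_TRUST_ACCOUNT = 0x2000               # account is a domain controller
TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
NOT_DELEGATED = 0x100000                    # "sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # protocol transition allowed

# "allowed_to" mirrors msDS-AllowedToDelegateTo; "privileged" is a
# hypothetical field the exporter would set from admin group membership.
ACCOUNTS = [
    {"name": "DC01$", "uac": 0x82000, "allowed_to": [], "privileged": False},
    {"name": "WEB01$", "uac": 0x81000, "allowed_to": [], "privileged": False},
    {"name": "svc-report", "uac": 0x1000200, "privileged": False,
     "allowed_to": ["MSSQLSvc/sql01.example.test:1433"]},
    {"name": "svc-app", "uac": 0x200, "privileged": False,
     "allowed_to": ["HTTP/api.example.test"]},
    {"name": "adm-alice", "uac": 0x200, "allowed_to": [], "privileged": True},
    {"name": "adm-bob", "uac": 0x100200, "allowed_to": [], "privileged": True},
]

def review(account):
    """Return a list of delegation findings for one account record."""
    uac, findings = account["uac"], []
    is_dc = bool(uac & SERVER_TRUST_ACCOUNT)
    # Domain controllers carry TRUSTED_FOR_DELEGATION by default; skip them.
    if uac & TRUSTED_FOR_DELEGATION and not is_dc:
        findings.append("unconstrained delegation on a non-DC account")
    if account["allowed_to"]:
        kind = ("constrained delegation with protocol transition"
                if uac & TRUSTED_TO_AUTH_FOR_DELEGATION
                else "constrained delegation (Kerberos only)")
        findings.append(f"{kind} to {', '.join(account['allowed_to'])}")
    # Privileged identities should not be usable by delegating services.
    if account["privileged"] and not uac & NOT_DELEGATED:
        findings.append("privileged account can be delegated")
    return findings

def audit(accounts):
    """Map account name to findings, omitting accounts with none."""
    report = {a["name"]: review(a) for a in accounts}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit(ACCOUNTS).items():
        for finding in found:
            print(f"{name}: {finding}")
```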
