1. Kerberos:
Kerberos 是一种基于票据的身份验证系统,用于在登录系统时对用户信息进行身份验证。 Kerberos 基于对称密钥加密,依赖于可靠的第三方,并在身份验证阶段处理私钥加密。开发了不同版本的 Kerberos 以增强身份验证的安全性。 Kerberos 通常在 Windows 2000、Windows XP 和更高版本的 Windows 等 Microsoft 产品中实现。
2. NTLM:
NTLM(新技术 LAN 管理器)是一种专有的 Microsoft 身份验证协议。 NTLM 也是基于对称密钥加密技术,需要资源服务器为用户提供身份验证、完整性和机密性。 NTLM 不支持身份验证委托和两因素身份验证。 NTLM 通常在 Windows 95、Windows 98、Windows ME、NT 4.0 等较早的 Windows 版本中实现。
Kerberos 和 NTLM 的区别:
| S.No. | Kerberos | NTLM |
|---|---|---|
| 1. | Kerberos is an open source software and offers free services. | NTLM is the proprietary Microsoft authentication protocol. |
| 2. | Kerberos supports delegation of authentication in multi-tier application. | NTLM does not support delegation of authentication. |
| 3. | Kerberos supports two factor authentication such as smart card logon. | NTLM does not provide smart card logon. |
| 4. | Kerberos has the feature of mutual authentication. | NTLM does not have the feature of mutual authentication. |
| 5. | Kerberos provides high security. | While NTLM is less secured as compared to kerberos. |
| 6. | Kerobos is supported in Microsoft Windows 2000, Windows XP and later windows versions. | NTLM is also supported in earlier windows versions such as Windows 95, Windows 98, Windows ME, NT 4.0. |