Performance analysis of NTLM and Kerberos authentication in Windows 2000 domains.

摘要

Network authentication is an important security measure in any computer network. Authentication is the process of verifying the identity of a network principal (network user, computer, or service). Many network authentication protocols have been developed. Microsoft Windows 2000 supports two primary authentication protocols for LANs: NTLM and Kerberos V5. NTLM is a Microsoft proprietary protocol. Kerberos is an open standard protocol developed at MIT. It has been widely accepted that Kerberos is a more secure and efficient protocol than NTLM. However, there has been no experimental data to back up the efficiency claims. This research demonstrates the performance of Kerberos relative to NTLM in computer networks consisting of Windows 2000 machines. The effects of cryptography protocols on authentication performance are explored.