Introduction

Authentication within a Windows domain relies on the NTLM or Kerberos protocols. NTLMv2 is deprecated, but it is still used as a fallback when Kerberos fails.

Note: Active Directory is a solution developed by Microsoft for managing an information system. It provides:

  • a resource directory service (LDAP)
  • an authentication scheme (Kerberos)
  • a domain resolution service (DNS)
  • a software policy

In this example, let’s consider the user Alice, who tries to authenticate! We detail the authentication scheme for:

  • interactive logon: the user enters credentials to authenticate against a server or a Domain Controller.
  • network logon: the credentials established during the user’s interactive logon are reused to log the user on to another resource.
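The interactive/network distinction and the NTLM fallback are both visible in Windows Security event 4624, whose Logon Type (2 interactive, 10 remote interactive, 3 network) and Authentication Package fields record which path the user took. As an added example, not part of the original material, the script below parses constructed sample records flattened into that shape and flags network logons that used NTLM where Kerberos would normally be expected.

```python
import re
from collections import Counter

# Constructed sample records (not a real export), flattened from the fields of
# Windows Security event 4624 "An account was successfully logged on".
SAMPLE_EVENTS = [
    "EventID=4624 TargetUserName=alice LogonType=2 AuthenticationPackageName=Kerberos PackageName=-",
    "EventID=4624 TargetUserName=alice LogonType=3 AuthenticationPackageName=Kerberos PackageName=-",
    "EventID=4624 TargetUserName=alice LogonType=3 AuthenticationPackageName=NTLM PackageName=NTLM V2",
    "EventID=4624 TargetUserName=svc-backup LogonType=3 AuthenticationPackageName=NTLM PackageName=NTLM V1",
    "EventID=4624 TargetUserName=bob LogonType=10 AuthenticationPackageName=Kerberos PackageName=-",
    "EventID=4625 TargetUserName=bob LogonType=3 AuthenticationPackageName=NTLM PackageName=NTLM V2",
]

# Logon Type values documented for event 4624: 2 and 10 are the user entering
# credentials (console / RDP); 3 is a network logon reusing those credentials.
LOGON_CATEGORY = {"2": "interactive", "10": "remote interactive", "3": "network"}

# key=value pairs; the optional " V\d" keeps "NTLM V2" together as one value.
FIELD_RE = re.compile(r"(\w+)=(\S+(?: V\d)?)")

def parse_event(line):
    """Turn one flattened event line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))

def classify(event):
    """Return (logon category, protocol) for a successful 4624 event, else None."""
    if event.get("EventID") != "4624":
        return None
    category = LOGON_CATEGORY.get(event.get("LogonType", ""), "other")
    proto = event.get("AuthenticationPackageName", "")
    if proto == "NTLM":  # Package Name then says which flavour: LM, NTLM V1, NTLM V2
        proto = event.get("PackageName", proto)
    return category, proto

def summarize(lines):
    """Count successful logons by (category, protocol) and collect network logons
    that used NTLM, the ones to investigate when Kerberos should have worked."""
    counts, ntlm_network = Counter(), []
    for line in lines:
        event = parse_event(line)
        result = classify(event)
        if result is None:
            continue
        counts[result] += 1
        if result[0] == "network" and event.get("AuthenticationPackageName") == "NTLM":
            ntlm_network.append((event["TargetUserName"], result[1]))
    return counts, ntlm_network
```

Against real data, feed the same field names from an exported event log; the failed-logon event 4625 is deliberately skipped so only completed authentications are counted.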

Interactive logon with NTLM (TBC)

Note: I’ve never been so sure about the clear-text password for interactive logon.

Network logon with NTLM

Interactive and network logon with Kerberos

Note: Based on original learning material from Microsoft engineers.