NTLM and Kerberos ?

[hboogz]

Could someone elaborate, or point me in the right direction, as to when and how NTLM and Kerberos are used in Windows 2003 Active Directory Domain Structure ?

I know NTLM is still used, but in what capacity ?

Kerberos is definitely used, but how and in what capacity ?

Certain software vendors, when listing authentication sources, they list both NTLM and Kerberos -- in the case for MSFT AD 2003 which would you choose and why ?

 

[RebateMonger]

Originally posted by: hboogz
I know NTLM is still used, but in what capacity ?

According to this Wikipedia article:

"NTLM is still used in the following situations:

*The client is authenticating to a server using an IP address.
*The client is authenticating to a server that belongs to a different Active Directory forest, or doesn't belong to a domain.
*No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").
*Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few)"