How can i tell what aunthentication method i am using Kerb..

Archived from groups: microsoft.public.win2000.security (More info?)

We are currently running w2000, is there a way i can check or find out if
we are using Kerberos authentication or ldap authentication?

thanks for the help
2 answers Last reply
More about aunthentication method kerb
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I believe LDAP does not provide authentication. Kerberos is an
    authentication server and LDAP is used for authorization. Kerberos is used
    to prove that you are who you say you are and LDAP decides if who you are
    should be allowed to have access to a particular area. However, if you have
    Windows 2000 and are running a domain then I don't think you're running LDAP
    because you're using Active Directory. Also, Windows 2000 uses Kerberos by
    default so unless you changed it you are definitely using Kerberos if you're
    using anything at all.
    Note: I believe Kerberos can be used in conjunction with LDAP to provide
    both authentication and authorization by attaching the authorization info to
    the Kerberos authentication tickets.

    Joe


    "prince" <prince083@hotmail.com> wrote in message
    news:uq64kVFsEHA.596@TK2MSFTNGP11.phx.gbl...
    > We are currently running w2000, is there a way i can check or find out if
    > we are using Kerberos authentication or ldap authentication?
    >
    > thanks for the help
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Kerberos will be used by default on all W2K/XP Pro/W2003 computers though
    there can be exceptions if the time skew between computers is more than five
    minutes, which should not normally happen since domain computers will synch
    their time with the pdc fsmo, or if a share/computer is accessed by IP
    address instead of name. To find out what is being used you can enable
    auditing of account logon events in Domain Controller Security policy and
    audit logon events for domain computers and examine the logons in the
    security log for authentication type. If your domain is all W2K/XP Pro/W2003
    it would be a good idea to set the lan manager authentication level security
    option to send ntlmv2 Reponses only - refuse lm for Domain and Domain
    Controller Security Policy. --- Steve

    http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/576.asp
    -- description of security option for lan manager authentication level

    "prince" <prince083@hotmail.com> wrote in message
    news:uq64kVFsEHA.596@TK2MSFTNGP11.phx.gbl...
    > We are currently running w2000, is there a way i can check or find out if
    > we are using Kerberos authentication or ldap authentication?
    >
    > thanks for the help
    >
    >
Ask a new question

Read More

Security Authentication Microsoft Windows