How can I tell what authentication method I am using Kerb..

prince

Jun 17, 2004
Archived from groups: microsoft.public.win2000.security (More info?)

We are currently running W2000. Is there a way I can check or find out if
we are using Kerberos authentication or LDAP authentication?

Thanks for the help
 

Joe

Mar 31, 2004

I believe LDAP does not provide authentication. Kerberos is an
authentication server and LDAP is used for authorization. Kerberos is used
to prove that you are who you say you are and LDAP decides if who you are
should be allowed to have access to a particular area. However, if you have
Windows 2000 and are running a domain then I don't think you're running LDAP
because you're using Active Directory. Also, Windows 2000 uses Kerberos by
default so unless you changed it you are definitely using Kerberos if you're
using anything at all.
Note: I believe Kerberos can be used in conjunction with LDAP to provide
both authentication and authorization by attaching the authorization info to
the Kerberos authentication tickets.

Joe


"prince" <prince083@hotmail.com> wrote in message
news:uq64kVFsEHA.596@TK2MSFTNGP11.phx.gbl...
> We are currently running W2000. Is there a way I can check or find out if
> we are using Kerberos authentication or LDAP authentication?
>
> Thanks for the help
>
>
 
Guest


Kerberos will be used by default on all W2K/XP Pro/W2003 computers though
there can be exceptions if the time skew between computers is more than five
minutes, which should not normally happen since domain computers will synch
their time with the PDC FSMO, or if a share/computer is accessed by IP
address instead of name. To find out what is being used you can enable
auditing of account logon events in Domain Controller Security policy and
audit logon events for domain computers and examine the logons in the
security log for authentication type. If your domain is all W2K/XP Pro/W2003
it would be a good idea to set the LAN Manager authentication level security
option to send NTLMv2 responses only - refuse LM for Domain and Domain
Controller Security Policy. --- Steve

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/576.asp
-- description of security option for LAN Manager authentication level

"prince" <prince083@hotmail.com> wrote in message
news:uq64kVFsEHA.596@TK2MSFTNGP11.phx.gbl...
> We are currently running W2000. Is there a way I can check or find out if
> we are using Kerberos authentication or LDAP authentication?
>
> Thanks for the help
>
>
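
An added example, not part of the original thread: once logon auditing is enabled as described in the reply above, the authentication type can be tallied from the Security log. The sketch below assumes the log has been exported to plain text with records separated by `---` (a constructed layout); the field names follow the description text of network logon event 540, and the users and workstation are made up.

```python
import re
from collections import Counter

# Constructed sample: three network logon events (ID 540) in an assumed text
# export, records separated by '---'. Names and hosts are made up.
SAMPLE_EVENTS = """\
Event ID: 540
Successful Network Logon:
    User Name: alice
    Domain: EXAMPLE
    Logon Type: 3
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Workstation Name:
---
Event ID: 540
Successful Network Logon:
    User Name: bob
    Domain: EXAMPLE
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: WS042
---
Event ID: 540
Successful Network Logon:
    User Name: carol
    Domain: EXAMPLE
    Logon Type: 3
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Workstation Name:
"""

FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(.*)$", re.M)

def parse_events(text):
    """Return one dict of 'Field: value' pairs per exported event record."""
    records = re.split(r"^---[ \t]*$", text, flags=re.M)
    events = [{k: v.strip() for k, v in FIELD.findall(r)} for r in records]
    return [e for e in events if "Authentication Package" in e]

def summarize(events):
    """Tally logons per authentication package; list (user, workstation) for NTLM."""
    counts = Counter(e["Authentication Package"] for e in events)
    ntlm = [(e.get("User Name", ""), e.get("Workstation Name", ""))
            for e in events if e["Authentication Package"].upper() == "NTLM"]
    return counts, ntlm

if __name__ == "__main__":
    counts, ntlm = summarize(parse_events(SAMPLE_EVENTS))
    print(dict(counts))
    print("NTLM logons:", ntlm)
```

The NTLM list gives the accounts and source workstations to check before tightening the LAN Manager authentication level.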
 
