

Understanding Kerberos in Microsoft Active Directory


James Michael Stewart
03.11.2003




Anyone who's been in the IT field in the last three years is aware that Windows 2000 Active Directory uses Kerberos as its default and primary authentication protection mechanism. But what most may not know is that Kerberos provides more of the foundation for Active Directory than they may think.

Kerberos is an open-standard security protocol and network authentication service. It is supported by a wide range of platforms, most notably (and widely) by Unix and its variants. Kerberos was designed to provide a means of secure authentication over the Internet.

Microsoft's Active Directory employs Kerberos for numerous activities, including user and system authentication, and authorization of network resource access. Non-Kerberos supporting platforms, such as Windows NT, must rely upon the IP address or some proprietary identification mechanism to provide a system of authentication for users, systems and resource access, but Kerberos uses a form of certificate credentials called tickets to perform a wide range of authentication and authorization functions.

In addition to using Kerberos for authentication and authorization, Active Directory also relies upon Kerberos for its trust relationships. Kerberos trusts are created automatically between domains within a forest. All internal-forest Kerberos trusts are two-way (bi-directional) and transitive. Thus, if domain A trusts domain B and domain B trusts domain C and domain C trusts domain D, then by the transitive nature of Kerberos trusts, domain A trusts domain C and domain D, and domain B trusts domain D as well. The transitive nature of these trusts allows easier administrative control when granting users from one domain access to resources in another domain within the same forest.
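
The transitive reach described above can be computed from the list of direct trusts, which is useful when auditing how far access can extend across domains. The following Python sketch is an added example, not code from the article. It goes slightly beyond the text by also modeling a non-transitive trust, which does not chain; domain E and that trust are assumptions introduced for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: the A/B/C/D forest from the paragraph above, plus a
# hypothetical non-transitive external trust to domain E (not in the article).
# Each entry: (trusting domain, trusted domain, transitive?)
DIRECT_TRUSTS = [
    ("A", "B", True), ("B", "A", True),
    ("B", "C", True), ("C", "B", True),
    ("C", "D", True), ("D", "C", True),
    ("D", "E", False),  # one-way, non-transitive: D trusts E only
]


def effective_trusts(direct_trusts):
    """Return {domain: set of domains it trusts, directly or transitively}."""
    transitive = defaultdict(set)
    non_transitive = defaultdict(set)
    domains = set()
    for trusting, trusted, is_transitive in direct_trusts:
        domains.update((trusting, trusted))
        (transitive if is_transitive else non_transitive)[trusting].add(trusted)

    result = {}
    for start in domains:
        # Breadth-first walk over transitive links only; these chain.
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in transitive[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        seen.discard(start)
        # A non-transitive link counts for its own two domains and never chains.
        result[start] = seen | non_transitive[start]
    return result


def implied_trusts(direct_trusts):
    """Trusts that exist only through transitivity (no direct link defined)."""
    direct = {(a, b) for a, b, _ in direct_trusts}
    return sorted((a, b) for a, reach in effective_trusts(direct_trusts).items()
                  for b in reach if (a, b) not in direct)


if __name__ == "__main__":
    for pair in implied_trusts(DIRECT_TRUSTS):
        print("%s trusts %s (implied)" % pair)
```

The implied pairs are the ones an administrator never configured explicitly, so they are the ones worth reviewing when a new domain joins the forest.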


James Michael Stewart is a partner and researcher for Itinfopros, a technology-focused writing and training organization.

