Contact info for Tech Philly
Home  •  Contact  •  Services  •  Support

            Tech Solutions

PC Upgrades Upgrades
Data Recovery Data Recovery
Computer Repair, Maintenance, and update Maintenance
Security From Viruses, Hackers, and Spyware Security
Network Solutions Networks
Website Search Engine Optimization Google Rank Increase Websites
Computer Repair Philadelphia Gateway Compaq Custom Systems

  • Location Service
  • 24/7 Help

Philadelphia Computer Tech Support
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

In Microsoft Kerberos, a session ticket is also required for access to services on local systems. The same
process takes place for access to local resources; the LSA builds a local access token from the PAC
contained in the session ticket.
Windows 2000 supports several authentication protocols, including Windows NT LAN Manager, Kerberos
v5, Distributed Password Authentication, Extensible Authentication Protocol, and Secure Channel. The two
protocols used for network authentication, for logging on locally or as an interactive user, are NTLM and
Kerberos v5. Kerberos is the default authentication protocol used in Windows 2000; NTLM is provided for
backward compatibility and is also used to authenticate Windows 2000 member and stand-alone servers.
Kerberos provides several advantages over NTLM, which was the authentication protocol of choice in
previous versions of Windows NT. One of the advantages is that Kerberos provides mutual authentication
wherein the client can also verify the identity of the server, which cannot be accomplished using NTLM.
Another advantage is that Windows 2000 Kerberos domains can communicate with Kerberos realms of other
implementations of Kerberos. This cannot be accomplished with NTLM, which is proprietary to Microsoft
operating systems.
Kerberos is made up of several components, including the Key Distribution Center, session tickets, and
ticket-granting tickets. The Key Distribution Center is comprised of two services, the Authentication Service
and the Ticket-Granting Service. Three subprotocols used by Kerberos are the Authentication Service
Exchange, the Ticket-Granting Service Exchange, and the Client/Server Exchange.
Microsoft implements its own flavor of Kerberos in Windows 2000. Microsoft Kerberos adds extensions to
the Kerberos standard to meet specific requirements necessary for Windows 2000, such as the capability to
use public key certificates instead of the normal shared key to log on to Windows 2000 domains. Microsoft
implements the KDC as a service in Windows 2000, and the service is automatically installed on all domain
controllers. Microsoft Kerberos stores the Privilege Attribute Certificate in tickets. The PAC consists of the
userís SID as well as group SIDs for the groups of which the user is a member. The PAC is extracted after
the server authenticates the identity of the user. The server then uses the PAC to create an impersonation
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

  Home Contact Data Recovery Search Engine Web Design/Hosting Networks

Serving the Philadelphia area with the best in tech service and support.

Tech Philly Custom Systems Data Recovery Emergency Service Maintenance Network Service Onsite Service Repair Security Software Spyware Upgrades Viruses Website Design Website Hosting Wireless Computer