The default protocol for network authentication in Microsoft® Windows® 2000 is the Kerberos v5 authentication protocol. An emerging authentication standard, the Kerberos protocol provides a foundation for interoperability. It also enhances the security of enterprise-wide network authentication. Key components of the protocol's implementation in Windows 2000 include the integration of initial authentication with the Winlogon single sign-on architecture, the use of Active Directory (the directory service included in Windows 2000) as the domain's security account database, and the implementation of the Kerberos client as a Windows 2000 security provider through the Security Support Provider Interface (SSPI).

In This Chapter

Basic Concepts of Authentication

Authentication Protocols

How Kerberos Authentication Works

Kerberos Components in Windows 2000

Authorization Data

Logging on Interactively

Related Information in the Resource Kit