Kerberos SSP/AP Home
Kerberos SSP/AP

The Kerberos authentication package is used when logging on to a network; local logons are handled by MSV1_0.

When a user logs on using a network account, by default, Kerberos attempts to connect to the Kerberos Key Distribution Center (KDC) on the domain controller and obtain a ticket granting ticket (TGT) by using the logon data supplied by the user.

If a Kerberos KDC is not available, Windows uses MSV1_0 and pass-through authentication as described in MSV1_0 Authentication Package.

The Kerberos authentication package supports version 5, revision 6 of the Kerberos protocol. This protocol is based on Internet RFC 1510. For more information, see the IETF Web site:

http://www.ietf.org

For more information about Kerberos, see Microsoft Kerberos.

Kerberos Credential Formats

The user credentials assigned by the Kerberos authentication package after a successful logon attempt are a ticket and a temporary encryption key, often called a session key. The ticket contains both an encrypted copy of the client's credentials and the session key.

Send comments about this topic to Microsoft

Build date: 11/19/2009

© 2009 Microsoft Corporation. All rights reserved.   Terms of Use | Trademarks | Privacy Statement
Page view tracker
Rate the Lightweight library
x
Lightweight builds on ScriptFree (loband) by adding features you've requested: a SearchBox and default code language selection.
Do you like the SearchBox?
Do you like the tabbed code blocks?
How useful is this topic?
Tell us more.
Thanks
x
You're helping to improve MSDN Online.
Feedback
Switch View
x
Classic
Lightweight Beta
ScriptFree
Switch View