Microsoft NTLM Authentication Overview

Source: Internet
Author: User

What is NTLM?

==================

Windows Challenge/Response (NTLM) is an authentication protocol used on networks that include systems running the Windows operating system, and also on stand-alone systems.

On a network, Microsoft Kerberos is more secure than NTLM. Although Kerberos is the preferred choice, NTLM is still supported. NTLM must also be used for logon authentication on stand-alone systems, which have no domain controller to issue Kerberos tickets.

NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user's password. NTLM uses an encrypted challenge/response protocol to authenticate a user without sending the password over the network. Instead, the system requesting authentication must perform a calculation that proves it has access to the secured NTLM credentials (the password hash).

Interactive NTLM authentication over a network typically involves two systems: a client system, on which the user requests authentication, and a domain controller, where the information derived from the user's password is kept.

Non-interactive authentication is used when an already logged-on user needs to access a resource such as a server application. It typically involves three systems: a client, a server, and a domain controller that performs the authentication calculations on behalf of the server.

Detailed NTLM Process

====================

The following steps outline NTLM non-interactive authentication. The first step provides the user's NTLM credentials and occurs only as part of the interactive authentication (logon) process.

  1. (Interactive authentication only) A user accesses a client computer and provides a domain name, a user name, and a password. The client computes a cryptographic hash of the password and discards the actual password.
  2. The client sends the user name to the server (in plaintext).
  3. The server generates a random number, called the challenge or nonce, and sends it to the client. (The original text says 16 bytes; the ServerChallenge field of the NTLM CHALLENGE_MESSAGE is 8 bytes.)
  4. The client encrypts this challenge with the hash of the user's password (a keyed computation; NTLMv2 uses an HMAC keyed with the hash) and returns the result to the server. This is called the response.
  5. The server sends the following three items to the domain controller:

    • User name
    • Challenge sent to the client
    • Response received from the client
  6. The domain controller uses the user name to retrieve the hash of the user's password from the Security Account Manager database. It uses this password hash to encrypt the challenge.
  7. The domain controller compares the encrypted challenge it computed (in step 6) with the response computed by the client (in step 4). If they are identical, authentication is successful.
  8. The domain controller signals the application server that the user is authenticated, that is, that the user is who they claim to be. Once the application server verifies that the user is authorized to access it, it grants the user access to the requested resources.
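The three-party exchange in the steps above, written out as an added Python example (this is not code from the Microsoft page). It uses the NTLMv2 response computation (HMAC-MD5 keyed by the NT hash, over the server challenge and a client blob, as specified in MS-NLMP) rather than the DES-based NTLMv1 encryption of the challenge. The Client, Server and DomainController classes, the CORP domain, the account names and the passwords are all constructed for this illustration, and MD4 is implemented inline because hashlib may not provide it.

```python
"""Added example, not Microsoft code: the NTLM non-interactive exchange between
a client, a server and a domain controller.  Response computed as in NTLMv2
(MS-NLMP 3.3.2); party classes, the CORP domain and the accounts are constructed."""
import hmac
import os
import struct
from hashlib import md5


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks MD4 under OpenSSL 3."""
    mask = 0xFFFFFFFF
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & mask
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), 0, range(16), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, k, order, shifts in rounds:
            for n, i in enumerate(order):
                a = rotl((a + fn(b, c, d) + x[i] + k) & mask, shifts[n % 4])
                a, b, c, d = d, a, b, c
        state = [(s + v) & mask for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """Step 1: the NT one-way function, MD4 over the UTF-16LE password (unsalted)."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 binds the hash to the account: HMAC-MD5(NT hash, UPPER(user) + domain)."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), md5).digest()


def ntlmv2_response(nt, user, domain, server_challenge, client_challenge, timestamp=0):
    """Step 4: NtProofStr || blob.  The blob (version, FILETIME timestamp, client
    nonce, empty target info) is covered by the HMAC together with the server
    challenge, so a repeated server challenge still yields a fresh response."""
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + b"\x00" * 4 + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, md5).digest()
    return proof + blob


class Client:
    """Keeps only the NT hash; the cleartext password is discarded after step 1."""
    def __init__(self, domain, user, password):
        self.domain, self.user = domain, user
        self.nt = nt_hash(password)

    def respond(self, server_challenge):
        return ntlmv2_response(self.nt, self.user, self.domain,
                               server_challenge, os.urandom(8))


class DomainController:
    """Holds the SAM/AD copy of each account's NT hash (constructed sample data)."""
    def __init__(self, domain, accounts):
        self.domain = domain
        self.sam = {user: nt_hash(pw) for user, pw in accounts.items()}

    def verify(self, user, server_challenge, response):
        # Steps 6-7: recompute the proof from the stored hash and compare it with
        # the proof the client sent; the password itself is never needed here.
        stored = self.sam.get(user)
        if stored is None or len(response) < 16:
            return False
        proof, blob = response[:16], response[16:]
        expected = hmac.new(ntowf_v2(stored, user, self.domain),
                            server_challenge + blob, md5).digest()
        return hmac.compare_digest(proof, expected)


class Server:
    """Sees user name, challenge and response only; never the password or hash."""
    def __init__(self, dc):
        self.dc = dc

    def authenticate(self, client):
        challenge = os.urandom(8)             # step 3: 8-byte ServerChallenge
        response = client.respond(challenge)  # step 4 (step 2 is the user name)
        return self.dc.verify(client.user, challenge, response)  # steps 5-8


def demo():
    dc = DomainController("CORP", {"alice": "Passw0rd!"})
    server = Server(dc)
    return {
        "correct password": server.authenticate(Client("CORP", "alice", "Passw0rd!")),
        "wrong password": server.authenticate(Client("CORP", "alice", "letmein")),
        "unknown user": server.authenticate(Client("CORP", "bob", "Passw0rd!")),
    }


if __name__ == "__main__":
    print(demo())
```

Note what each party holds: the client needs only the NT hash (not the password) to answer a challenge, the server forwards the user name, challenge and response without being able to check them itself, and the domain controller's verification uses nothing but those three items and its stored hash.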

Your application should not access the NTLM security package directly. Instead, it should use the Negotiate security package. Negotiate allows your application to take advantage of more advanced security protocols if they are supported by the systems involved in the authentication. Currently, the Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication.


Translated from: Microsoft NTLM, http://msdn.microsoft.com/en-us/library/aa378749(VS.85).aspx
