Enterprise and Internet Single Sign-On

Windows NT manages the user's network security credentials transparently after a single successful logon. The user does not need to be concerned about whether a connection to a network server uses NTLM, Kerberos, or a public-key-based security protocol. From the user's perspective, they have logged on to the system and now have access to a wide variety of network services.

Within the enterprise, a user's access to resources is determined by the rights granted to the user's account or through group membership. Across the Internet, a user's access is based on their identity, proven by a private-key signature operation and the corresponding public-key certificate. All of the security protocols rely on some form of user credentials that are presented to a server at connection establishment. Windows NT manages these user credentials and automatically uses the appropriate set of credentials based on the security protocol involved.

The Windows NT Directory Service supports multiple security credentials as part of the secure portion of the user account information. These credentials are used for Enterprise authentication services that use the domain controller for online user authentication. Advanced application servers can support integrated Windows NT authentication by using the Security Service Provider Interface for network authentication.