Along with next generation Directory Services, the next release of Windows NT Server will also implement a distributed security model. This distributed security model is based on the MIT Kerberos authentication protocol. Kerberos authentication is used for distributed security within a tree, accommodating both public and private key security using the same Access Control List (ACL) support model of the underlying Windows NT operating system. Next generation Directory Services are the store for the security system, including user accounts, groups, and domains. They replace the registry account database and are a trusted component within the Local Security Authority (LSA).
A single sign-on to the Windows NT domain tree allows user access to resources anywhere in the corporate network. Easy-to-use administrator tools for security policy and account management reduce the cost of deploying Windows NT. Windows NT also provides a foundation for integrated security for Microsoft BackOffice™ family of products application services, including Microsoft Exchange, Microsoft SQL Server™, Microsoft SNA Server, and Microsoft Systems Management Server. The MIT Kerberos V5 authentication protocol is supported with extensions for public key-based authentication in addition to password-based (secret key) authentication.