A Seamless Transition

The transition from the NTLM authentication used in Windows NT 4.0 and previous versions to the next version of Kerberos domain authentication will be very smooth. Windows NT services can support client or server connections using either security protocol. Security negotiation, performed either by the SSPI layer or by the application protocol, provides another way to select the best match from the available security protocol options.

The transition from Enterprise-based services using Kerberos authentication to Internet-based services using public-key authentication is completely transparent to the user. Windows NT support for multiple user credentials makes it possible to use secret-key authentication technology for Enterprise application services with very high performance, as well as public-key security technology when connecting to Internet-based servers. Most application protocols that support authentication, such as LDAP, HTTP/HTTPS, or RPC, are designed to support multiple authentication services and to select among those services during connection establishment.

Rather than relying on a single authentication technology and a single authentication protocol, Windows NT will use multiple protocols as needed to fit both the application requirements and the user community requirements for secure network computing.