Security

Authentication Methods in Windows 2000 Server

Windows 2000 Server supports a number of authentication schemes, most notably:

• Windows NT Challenge Response (now known as integrated Windows authentication)
• Kerberos v5 authentication
• Client authentication certificates

Windows NT Challenge Response authentication was the default authentication used prior to Windows 2000 Server. In Windows 2000 Server, Kerberos v5 has replaced Windows NT Challenge Response authentication (now known as integrated Windows authentication) as the default mechanism. For most users the differences between the two are transparent.

Windows 2000 Server also supports client authentication certificates (explained later in this section) as a means to provide authentication credentials. Rather than using a password to gain access information stored in the client certificate, the public key is used. Regardless of whether Windows 2000 Server uses Kerberos v5 authentication, or a client authentication certificate, the result is the same: a user token.

© 1997-1999 Microsoft Corporation. All rights reserved.