So far this chapter has covered the basics of Active Directory security without discussing the actual mechanism that implements the security. The primary mechanism for delivering authentication in Active Directory is the Kerberos protocol. The Kerberos protocol was first developed by engineers at the Massachusetts Institute of Technology (MIT) in the late 1980s. The current version of Kerberos is version 5 (Kerberos v5), which is described in RFC 1510. The Windows Server 2003 implementation of Kerberos is fully RFC-1510 compliant, with some extensions for public key authentication.

Kerberos is the default authentication protocol for Windows 2000 Active Directory and for Windows Server 2003 Active Directory. Whenever a Windows ...