Chapter 7. Authentication

As you learned in Chapter 2, authentication is the process by which a computer validates the identity of a user or another computer. Authentication is a core functionality of any network operating system, including Windows Server 2003. Windows Server 2003 actually supports several complete authentication protocols: LAN Manager, NT LAN Manager Versions 1 and 2, and Kerberos. In this chapter, I’ll introduce you to the two main types of protocols, explain how they’re used and configured, and discuss why you might want to use one over the other.

LAN Manager and NTLM

LAN Manager, or LM, is an authentication protocol that was designed, for its time, to maximize password security in a Windows-based environment. The LM protocol was first used in Microsoft’s LAN Manager product a very long time ago and is still the authentication protocol of choice for older operating systems, such as Windows 95 and Windows NT 3.51 and earlier. Later, when Windows NT was introduced, LM was enhanced and renamed the NTLM authentication protocol. Although NTLM has been around for a long time, it’s still a basically good authentication protocol, and it is the native network authentication protocol of Windows NT 4.0 and earlier operating systems.

A Brief History of LM and NTLM

LM was introduced, as you might expect, in Microsoft’s LAN Manager product of the late 1980s, which evolved over time into Windows NT. It is very similar to NTLM and is supported in most Microsoft products, including Windows ...
