In nutshell, Kerberos is better than NTLM. Kerberos contact Domain Controller, gets token and uses it to authenticate user. NTLM contacts Web Server which in turn contacts Domain Controller, gets token and authenticates it. Normally Web sites can be set to use only NTLM or Negotiate(Kerberos will be tried, on failure NTLM will be tried). Just refer below fiddler screen shots for some clue.
No comments:
Post a Comment