Microsoft plans to phase out NTLM in Windows 11 in the second half of 2024 and fully shift to Kerberos authentication-It Industry-php.cn

Home

Technology peripherals

It Industry

Microsoft plans to phase out NTLM in Windows 11 in the second half of 2024 and fully shift to Kerberos authentication

PHPz

Jun 09, 2024 pm 04:17 PM

Microsoft

微软计划2024年下半年在Windows 11中淘汰NTLM，全面转向Kerberos认证

In the second half of 2024, the official Microsoft Security Blog published a message in response to the call from the security community. The company plans to phase out the NT LAN Manager (NTLM) authentication protocol in Windows 11, released in the second half of 2024, to improve security.

According to previous explanations, Microsoft has already taken similar actions before. On October 12 last year, Microsoft proposed a transition plan in an official press release aimed at phasing out NTLM authentication methods and pushing more enterprises and users to switch to Kerberos. To help enterprises that may encounter problems with hardwired applications and services after turning off NTLM authentication, Microsoft provides two authentication functions: IAKerb and KDC (Key Distribution Center).

In order to achieve a smooth transition from NTLM to Kerberos, Microsoft has carried out two important tasks. Microsoft has expanded the application scope of Kerberos, and in Windows 11 system, Microsoft has added IAKerb and local KDC functions to Kerberos, which enables Kerberos to perform authentication in diverse network environments and local account environments.

The NTLM hardcoded part has been fine-tuned in the Windows component. These parts are currently in the process of switching to the Negotiate protocol in order to be able to use Kerberos as a replacement for NTLM. By migrating to the Negotiate protocol, these components will be able to support local and domain account authentication via IAKerb and LocalKDC.

NTLM is a Microsoft-specific protocol that uses a challenge/response model to authenticate users and computers and provide authentication services. In contrast, Kerberos is a network authentication protocol that provides authentication services for client/server applications through a key system. It does not rely on the authentication of the host operating system and is more secure and reliable. This move by Microsoft will undoubtedly further enhance the security of Windows systems.

The above is the detailed content of Microsoft plans to phase out NTLM in Windows 11 in the second half of 2024 and fully shift to Kerberos authentication. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Top 21 Developer Newsletters to Subscribe To in 2025Apr 24, 2025 am 08:28 AM

Stay informed about the latest tech trends with these top developer newsletters! This curated list offers something for everyone, from AI enthusiasts to seasoned backend and frontend developers. Choose your favorites and save time searching for rel

Serverless Image Processing Pipeline with AWS ECS and LambdaApr 18, 2025 am 08:28 AM

This tutorial guides you through building a serverless image processing pipeline using AWS services. We'll create a Next.js frontend deployed on an ECS Fargate cluster, interacting with an API Gateway, Lambda functions, S3 buckets, and DynamoDB. Th

CNCF Arm64 Pilot: Impact and InsightsApr 15, 2025 am 08:27 AM

This pilot program, a collaboration between the CNCF (Cloud Native Computing Foundation), Ampere Computing, Equinix Metal, and Actuated, streamlines arm64 CI/CD for CNCF GitHub projects. The initiative addresses security concerns and performance lim

Building a Network Vulnerability Scanner with GoApr 01, 2025 am 08:27 AM

This Go-based network vulnerability scanner efficiently identifies potential security weaknesses. It leverages Go's concurrency features for speed and includes service detection and vulnerability matching. Let's explore its capabilities and ethical

See all articles