AD encryption

  • Thread starter Thread starter David
  • Start date Start date
D

David

Dear all:



What¡¦s the encryption method did AD use when I login to AD server?





Thank you for your reply!
 
David said:
Dear all:



What¡¦s the encryption method did AD use when I login to AD server?
Click to expand...

If the client is at least Win2000 then the authentication
exchange follows the Kerberos protocol.
 
Herb Martin said:
If the client is at least Win2000 then the authentication
exchange follows the Kerberos protocol.
Click to expand...

I would just like to add in that the encryption algorithms used by Kerberos
are RC4 and DES. Both are used at different stages in the authentication
process.
 
circa Sun, 5 Dec 2004 17:26:47 -0000, in
microsoft.public.win2000.active_directory, Simon Geary
([email protected]) said,
I would just like to add in that the encryption algorithms used by Kerberos
are RC4 and DES. Both are used at different stages in the authentication
process.
Click to expand...
It's also important to note that authentication != encryption.
Kerberos is an authentication protocol, not an encryption protocol,
and encryption used in the Kerberos authentication process may vary
based upon implementation and configuration. :-)

Laura
 
Dear all:

Many thanks for your reply!
And where can setup the encryption method for AD user's authentication?
 
David said:
Dear all:

Many thanks for your reply!
And where can setup the encryption method for AD user's authentication?
Click to expand...

You cannot really do this -- except withint the obvious
limitations of deciding which methods of authentication
will be supported for older clients (Win9x and NT).

You are not really going to be able to control the
encryption (of the authentication) directly as that is
decided/chosen by the protocol between the client and
the server (DC.)

You might want to explain what you are really trying
to accomplish and see if anyone can offer a suggestion
to that.

--
Herb Martin

 
circa Mon, 6 Dec 2004 21:14:42 +0800, in
microsoft.public.win2000.active_directory, David
([email protected]) said,
Dear all:

Many thanks for your reply!
And where can setup the encryption method for AD user's authentication?
Click to expand...
You probably wouldn't do it the way that it sounds like you want to.
There are areas in which you can select the encryption methods and
algorithms for communications, but without knowing more specifically
what you're looking to do, it's kind of a wide-open answer. :-)

Laura
 
Back
Top