The Kerberos authentication package is used when logging on to a network; local logons are handled by MSV1_0.
When a user logs on using a network account, by default, Kerberos attempts to connect to the Kerberos Key Distribution Center (KDC) on the domain controller and obtain a ticket granting ticket (TGT) by using the logon data supplied by the user.
If a Kerberos KDC is not available, Windows uses MSV1_0 and pass-through authentication as described in MSV1_0 Authentication Package.
The Kerberos authentication package supports version 5, revision 6 of the Kerberos protocol. This protocol is based on Internet RFC 4120. For more information, see the IETF website:
For more information about Kerberos, see Microsoft Kerberos.
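The choice between Kerberos and MSV1_0 described above can be observed in the Security log. The following is an added example, not code from this page or from Microsoft: it parses logon events (event ID 4624) in Windows Event XML and lists domain-account logons that were not served by Kerberos. It assumes that MSV1_0 logons appear with the AuthenticationPackageName value NTLM; the sample events and the names CONTOSO and WKS01 are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, user, domain, logon_type, package):
    """Build a constructed Security-log record in the Windows Event XML layout."""
    fields = {"TargetUserName": user, "TargetDomainName": domain,
              "LogonType": logon_type, "AuthenticationPackageName": package}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{data}</EventData></Event>')

# Constructed sample input; CONTOSO and WKS01 are placeholder names.
SAMPLE_EVENTS = [
    make_event(4624, "alice", "CONTOSO", 2, "Kerberos"),
    make_event(4624, "bob", "CONTOSO", 3, "NTLM"),        # domain account, no Kerberos
    make_event(4624, "localadmin", "WKS01", 2, "NTLM"),   # local account, expected
    make_event(4624, "carol", "CONTOSO", 10, "Kerberos"),
    make_event(4634, "alice", "CONTOSO", 2, ""),          # logoff record, ignored
]

def parse_logon(xml_text):
    """Return the EventData fields of a 4624 event, or None for any other event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    return {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}

def classify(events, domain):
    """Count logons per authentication package and collect (user, logon type)
    for accounts in `domain` whose logon was reported as NTLM (assumed MSV1_0)."""
    counts, fallbacks = Counter(), []
    for xml_text in events:
        rec = parse_logon(xml_text)
        if rec is None:
            continue
        pkg = rec.get("AuthenticationPackageName", "")
        counts[pkg] += 1
        if pkg.upper() == "NTLM" and rec.get("TargetDomainName", "").upper() == domain.upper():
            fallbacks.append((rec["TargetUserName"], int(rec["LogonType"])))
    return counts, fallbacks

if __name__ == "__main__":
    counts, fallbacks = classify(SAMPLE_EVENTS, "CONTOSO")
    print(dict(counts), fallbacks)
```

A domain account appearing in the second list is a prompt to check whether a KDC was reachable from that host at the time of the logon.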
Kerberos Credential Formats
The user credentials assigned by the Kerberos authentication package after a successful logon attempt are a ticket and a temporary encryption key, often called a session key. The ticket contains both an encrypted copy of the client's credentials and the session key.