Migrating from NTLM to Negotiate in a nutshell

Migrating to Negotiate from NTLM is quite simple in most cases.  It breaks down into these four simple steps:

First, build an SPN for your Service

When I talk to people about using Negotiate, there’s often this moment of terror when they realize they’re going to have to build an SPN.  I’ve got my theories…


NTLM’s time has passed

IMHO, Microsoft’s NTLM authentication protocol is getting a bit long in the tooth.  Although we still support it for various reasons (many of which are obvious), you should look very sternly upon it if your application uses it.  In case you’re not familiar with the NTLM protocol, there’s a great write-up at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/microsoft_ntlm.asp.  There’s…


New Authentication Functionality in Windows Vista

GINAs Replaced with New Credential Providers

In previous releases, the customization of interactive user logon was done by creating a custom GINA. Despite the name, GINAs were responsible for more than simply gathering authentication information and rendering the UI to collect it. Because of this, custom GINAs were complex to create and usually required…


Introducing the team

  The Windows Authentication Team has 4 Program Managers, 8 developers and 8 testers and works on the core Windows authentication components such as the LSA and is responsible for Windows authentication protocols including Kerberos, SSL, NTLM and Digest. We also have one Architect, Paul Leach, who holds the title of Distinguished Engineer (the highest…
