AD vs Kerberos vs LDAP

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol.

Draft

Kerberos

Kerberos authenticates a client or service over an untrusted network.

Mutual authentication via symmetric-key cryptography.

LDAP

LDAP is designed for directory creation and management, including directory authentication.

It matches user credentials against directory credentials via a query.

  1. LDAP (Lightweight Directory Access Protocol): LDAP is a protocol used to query and modify items in a directory service. It's often used for centralized authentication, storing information about users, groups, and other objects in a network.

  2. Kerberos: Kerberos is a network authentication protocol that provides secure authentication for users and services over a non-secure network, such as the internet. It uses secret-key cryptography to authenticate clients and servers, ensuring that a client can prove its identity to a server (and vice versa) across an insecure network connection.

  3. Active Directory: Active Directory is a directory service developed by Microsoft for Windows domain networks. It provides a variety of services, including LDAP-based directory services, Kerberos-based authentication, and domain controller services. Active Directory allows administrators to apply security policies, deploy software, and manage users, groups, and devices in a network.
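The mutual authentication described for Kerberos above, as an added sketch that is not part of the original notes and is not the Kerberos wire format. The principal names, the toy `seal`/`unseal` cipher (a stand-in for real Kerberos encryption types) and the 300-second skew window are assumptions made for illustration.

```python
import hashlib, hmac, json, os

# Toy authenticated encryption built from the standard library; a stand-in for
# real Kerberos encryption types, used only to keep this sketch self-contained.
def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# Long-term secrets the KDC shares with each principal (constructed values).
KEYS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def kdc_issue(client, service):
    """KDC: mint one session key and wrap a copy for each party."""
    sk = os.urandom(32).hex()
    for_client = seal(KEYS[client], {"service": service, "sk": sk})
    ticket = seal(KEYS[service], {"client": client, "sk": sk})
    return for_client, ticket

def client_request(client, client_key, for_client, now):
    """Client: recover the session key, prove possession of it."""
    sk = bytes.fromhex(unseal(client_key, for_client)["sk"])
    return sk, seal(sk, {"type": "AP-REQ", "client": client, "ts": now})

def service_accept(service_key, ticket, authenticator, now, max_skew=300):
    """Service: open the ticket, check the client, answer with its own proof."""
    t = unseal(service_key, ticket)
    sk = bytes.fromhex(t["sk"])
    a = unseal(sk, authenticator)
    if a.get("type") != "AP-REQ" or a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["ts"]) > max_skew:
        raise ValueError("authenticator outside allowed clock skew")
    return t["client"], seal(sk, {"type": "AP-REP", "ts": a["ts"]})

def client_verify(sk, reply, sent_ts):
    """Client: only a holder of the service key could produce this reply."""
    r = unseal(sk, reply)
    return r.get("type") == "AP-REP" and r["ts"] == sent_ts
```

Neither long-term key ever crosses the network: each side proves its identity only by being able to open what the KDC wrapped for it and use the session key inside.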
