IT:AD:NTLM

## How it works ##

  • User requests access to client computer.
    • User provides user credentials.
    • The client computer caches the password hash and discards the password.
  • The client computer sends the server a request that includes the user name; the request is sent in plain text.
    • The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client.
  • Client sends response message.
    • The client uses a password hash generated from the user's password to encrypt the challenge sent by the server.
    • It sends this encrypted challenge in the form of a response back to the server.
  • Server sends challenge and response to domain controller.
    • The server sends the user name, the original challenge, and the response from the client computer to the domain controller.
  • Domain controller compares challenge and response to authenticate user.
    • The domain controller obtains the password hash for the user, and then uses this hash to encrypt the original challenge.
    • Next, the domain controller compares the encrypted challenge with the response from the client computer.
    • If they match, the domain controller sends the server confirmation that the user is authenticated.
  • Server sends response to the client. Assuming valid credentials, the server grants the client access to the requested service or resource.