IT:AD:NTLM

## How it works ##

  • User requests access to client computer.
    • User provides user credentials.
    • The client computer caches the password hash and discards the password.
  • The client computer sends a request to the server. The request includes the user name in plain text.
    • The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client.
  • Client sends response message.
    • The client uses the password hash generated from the user's password to encrypt the challenge sent by the server.
    • It sends this encrypted challenge back to the server as the response.
  • Server sends challenge and response to domain controller.
    • The server sends the user name, the original challenge, and the response from the client computer to the domain controller.
  • Domain controller compares challenge and response to authenticate user.
    • The domain controller obtains the password hash for the user, and then uses this hash to encrypt the original challenge.
    • Next, the domain controller compares the encrypted challenge with the response from the client computer.
    • If they match, the domain controller sends the server confirmation that the user is authenticated.
  • Server sends response to the client. Assuming valid credentials, the server grants the client access to the requested service or resource.
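
The exchange above, modelled end to end as an added example (not code from this page or from any NTLM implementation). It assumes SHA-256 as a stand-in for the password hash and HMAC-SHA256 as a stand-in for "encrypting" the challenge, so it shows the message flow and the role of the nonce, not NTLM's real algorithms; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def password_hash(password: str) -> bytes:
    # Assumption: SHA-256 stands in for the hash the client caches.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def compute_response(pw_hash: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for "encrypt the challenge with the hash".
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self, accounts: dict):
        # The DC holds password hashes, never the passwords themselves.
        self._hashes = {u: password_hash(p) for u, p in accounts.items()}

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        stored = self._hashes.get(user)
        if stored is None:
            return False
        # Recompute the response from the stored hash; compare in constant time.
        return hmac.compare_digest(compute_response(stored, challenge), response)

class Server:
    def __init__(self, dc: DomainController):
        self.dc = dc
        self._pending = {}  # user name -> outstanding challenge

    def begin(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)  # 16-byte random nonce
        self._pending[user] = challenge
        return challenge

    def finish(self, user: str, response: bytes) -> bool:
        challenge = self._pending.pop(user, None)  # each challenge is single-use
        if challenge is None:
            return False
        # The server cannot check the response itself; it passes it to the DC.
        return self.dc.verify(user, challenge, response)

class Client:
    def __init__(self, user: str, password: str):
        self.user = user
        self._hash = password_hash(password)  # hash cached, password discarded

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self._hash, challenge)

def login(client: Client, server: Server) -> bool:
    challenge = server.begin(client.user)  # user name sent, challenge returned
    return server.finish(client.user, client.respond(challenge))
```

Because the response is computed from the cached hash alone, that hash has to be protected as carefully as the password; the fresh challenge per attempt is what makes a previously captured response useless.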