it:ad:ntlm:home

IT:AD:NTLM

## How it works ##

  • User requests access to client computer.
    • User provides user credentials.
    • The client computer caches the password hash and discards the password.

    * The client computer sends a request to the server, which includes the user name, with request in plain text.

    • The server generates a 16-byte random number called challenge, or nonce, and sends it to the client.
  • Client sends response message.
    • The client uses a password hash generated from the user's password to encrypt the challenge sent by the server.
    • It sends this encrypted challenge in the form of a response back to the server.

    * Server sends challenge and response to domain controller.

    • The server sends the user name, the original challenge, and the response from the client computer to the domain controller.

    * Domain controller compares challenge and response to authenticate user.

    • The domain controller obtains the password hash for the user, and then uses this hash to encrypt the original challenge.
    • Next, the domain controller compares the encrypted challenge with the response from the client computer.
    • If they match, the domain controller sends the server confirmation that the user is authenticated.

    * Server sends response to the client. Assuming valid credentials, the server grants the client access to the requested service or resource.

Resources

  • /home/skysigal/public_html/data/pages/it/ad/ntlm/home.txt
  • Last modified: 2023/11/04 03:28
  • by 127.0.0.1