Chapter 19: Identity and Access Services
Windows Authentication
LM
NTLM
NTLMv2
Kerberos
LDAP (X.500)
X.500 is the formal name for Directory Access Protocol, or DAP. This was developed by the DoD and shared with the open-source community via a Freedom of Information Act request, becoming LDAP, or Lightweight DAP. LDAP consists of:
Key Distribution Center (a service on port 88)
Authentication Service
Ticket Granting Service
Key Distribution Center (KDC)
The KDC uses Kerberos for key distribution.
Kerberos
Kerberos provides single sign-on. There are lots of details to it, and you should have seen the video in the previous lesson from CBT Nuggets. Here is Professor Messer’s take on it, which offers some different details.
Remote Access
PAP
CHAP
MS-CHAPv2
RADIUS and TACACS+
Authentication
Authorization
Accounting
TACACS+ and RADIUS
Terminal Access Controller Access-Control System Plus (TACACS+) is a Cisco protocol similar to RADIUS, if you’re familiar with that. It’s a remote-access protocol that gives you pass-through to an internal authentication server, like AD.
Open Authorization Standards
SAML
OpenID Connect
OAuth
Shibboleth
Cloud Authentication
https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html