Student here, I thought that LDAP was the protocol that active directory ( authentication & authorization capabilities ) was built on. Also isn’t Kerberos & LDAP often paired together to provide secure access to resources stored on a directory over the internet?
LDAP is a protocol that is used to obtain information from a database using TCP/IP remotely, Kerberos is an authentication protocol used to authentication principals (users, computer and services) across a network (so a client can gain access to a file server for example) and Active Directory allows you to apply computer policy to clients, servers, users or groups of users. ADDS (Active Directory Domain Services) contains all three, one is the database (Active Directory), one is the authentication service (Kerberos) and one is used to query/modify the database over a network (LDAP). I hopes this clears it up a little for you.
The statement about Kerberos is not true. Kerberos transactions can and do often span multiple domains. This is particularly relevant in environments that use cross-realm authentication, which allows users from one Kerberos realm (or domain) to authenticate to services in another realm.
Helpful comparison.
Student here, I thought that LDAP was the protocol that active directory ( authentication & authorization capabilities ) was built on. Also isn’t Kerberos & LDAP often paired together to provide secure access to resources stored on a directory over the internet?
LDAP is a protocol that is used to obtain information from a database using TCP/IP remotely, Kerberos is an authentication protocol used to authentication principals (users, computer and services) across a network (so a client can gain access to a file server for example) and Active Directory allows you to apply computer policy to clients, servers, users or groups of users. ADDS (Active Directory Domain Services) contains all three, one is the database (Active Directory), one is the authentication service (Kerberos) and one is used to query/modify the database over a network (LDAP). I hopes this clears it up a little for you.
The statement about Kerberos is not true. Kerberos transactions can and do often span multiple domains. This is particularly relevant in environments that use cross-realm authentication, which allows users from one Kerberos realm (or domain) to authenticate to services in another realm.
Smooth explanation. THANKS!!!!
Underrated!
very helpful
great video