A good understanding of Kerberos and the Windows Time Service is critical to be able to diagnose authentication issues. While this article did not have the space to do an exhaustive description ...

Kerberos systems pass cryptographic key-protected authentication “tickets” between participating services. The password hashes are neither sent nor stored, so they can’t be captured and ...

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in ...

Child domains have a two-way trust with their parent domains, so they will trust each other's Kerberos authentication (they accept each others ride tickets in a way).

Microsoft has announced it is taking steps to eventually disable NTLM (NT LAN Manager) for authentication features in Windows 11 and add new features to Kerberos to take its place.

Affected systems include Windows Server 2025 running Active Directory Domain Services, domain controllers managing Kerberos authentication, environments using dMSAs, and all supported versions of ...

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.