Single Sign-On (SSO) for a mixed environment

Win2k default authentication is Kerberos v5 implemented by Microsoft. Can a different authentication method be chosen, and I am not talking about IPSEC? For example, IBM's software for NT like Tivoli's SecureWay Products, other AIX products, Sun or SCO Products. Am I not really asking about a Single Sign-On (SSO) for a mixed environment?

One feature of Windows 2000 is the ability to support different authentication methods via the Security Support Provider (SSP). Windows 2000 supports three primary SSP's. They are:

*Microsoft Kerberos
*NTLM Challenge/Response
*SChannel Security Protocols

While Kerberos is the default authentication method in Windows 2000, other methods could be used through the Security Support Provider Interface or SSPI. The SSPI provides an interface by which the client can communicate with an installed security service library. The idea here is that other third-party security providers developing their own authentication libraries to interface with Windows 2000.

In addition, Windows 2000 uses these network SSPs to provide authentication services using digital certificates:

*Distributed Password Authentication (DPA) - an Internet authentication protocol
*Extensible Authentication Protocol (EAP) - extension to Point-to-Point (PPP) protocol
*Public key-based protocols - this includes SSL, TLS1 and Private Communication Technology

This was first published in June 2001

Dig Deeper on User passwords and network permissions



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: