Ask the Expert

Single Sign-On (SSO) for a mixed environment

Win2k default authentication is Kerberos v5 implemented by Microsoft. Can a different authentication method be chosen, and I am not talking about IPSEC? For example, IBM's software for NT like Tivoli's SecureWay Products, other AIX products, Sun or SCO Products. Am I not really asking about a Single Sign-On (SSO) for a mixed environment?

One feature of Windows 2000 is the ability to support different authentication methods via the Security Support Provider (SSP). Windows 2000 supports three primary SSP's. They are:

*Microsoft Kerberos
*NTLM Challenge/Response
*SChannel Security Protocols

While Kerberos is the default authentication method in Windows 2000, other methods could be used through the Security Support Provider Interface or SSPI. The SSPI provides an interface by which the client can communicate with an installed security service library. The idea here is that other third-party security providers developing their own authentication libraries to interface with Windows 2000.

In addition, Windows 2000 uses these network SSPs to provide authentication services using digital certificates:

*Distributed Password Authentication (DPA) - an Internet authentication protocol
*Extensible Authentication Protocol (EAP) - extension to Point-to-Point (PPP) protocol
*Public key-based protocols - this includes SSL, TLS1 and Private Communication Technology

This was first published in June 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: