NTLM and Kerberos protocols

This article explains how two most common authentication mechanisms (NTLM and Kerberos) work. Both authentication protocols are based on symmetric key cryptography. The protocols themselves are platform independent. NTLM Authentication NTLM is the default authentication protocol prior to Windows 2000 and still prevalent today as backup to Kerberos. It is based on challenge/response mechanism. User … Read moreNTLM and Kerberos protocols

Introduction to Authentication Frameworks (PAM and SSPI)

This article gives a very brief high-level introduction to PAM (Pluggable Authentication Module) and SSPI (Security Support Provider Interface) as authentication frameworks in Linux and Windows respectively. PAM The Pluggable Authentication Module (PAM) architecture provides a powerful abstraction for user IAM using pluggable authentication model Unix platforms. It defines a generic API for authentication and … Read moreIntroduction to Authentication Frameworks (PAM and SSPI)

SASL Authentication Mechanisms

Introduction Authentication is used in many protocols (such as LDAP binding) and it usually involves sending password. Given the nature of authentication protocol, its traffic encryption is usually mandatory. Simple Authentication and Security Layer (SASL) is introduced to ensure the security during authentication. It is not a single protocol, but rather a framework for authentication … Read moreSASL Authentication Mechanisms

OAuth and OpenID Connect

OAuth 2.0 and OpenID Connect 1.0 are different types of protocols and they are often confused. When we talk about IAM (identity and access management), we should distinguish between AuthZ and AuthN: AutheNtication (AuthN, aka Identity Management) is about validating user’s identity by verifying that the user trying to connect is actually who it claims … Read moreOAuth and OpenID Connect

Lightweight Directory Access Protocol (LDAP)

Introduction Originally LDAP only refers to the connectivity protocol to the directory server. This term is being used loosely today and it also refers to the actual directory service that supports and complies with LDAP. LDAP v3 is the current version developed in RFC 2251. A directory is information about some set of entities such … Read moreLightweight Directory Access Protocol (LDAP)

Cryptography basics 2 of 2

My previous post outlines several core concepts around cryptography, such as asymmetric key encryption, digital certificate, the encoding formats and relevant file extensions. In this article, we continue to explore cryptography use cases, where these concepts are connected and put into application. The most important use case is TLS handshake. I cannot stress enough how … Read moreCryptography basics 2 of 2