NTLM Protocol
- User requests access. The user logs on to the client by supplying credentials. The client computes the NT hash of the password, keeps the hash, and discards the plaintext password. It then sends a request to the server that carries the user name (and domain) in the clear.
- Server sends challenge message. The server generates a random value called the challenge, or nonce, and sends it to the client. (Some Microsoft documentation calls this a 16-byte value; the ServerChallenge field actually carried in the NTLM Type 2 message is 8 bytes.)
- Client sends response message. The client uses the hash of the user's password as a key to compute a response over the server's challenge (DES-based in NTLMv1, HMAC-MD5 in NTLMv2) and sends that response back to the server. The hash itself never crosses the wire.
- Server sends challenge and response to domain controller. For a domain account the server forwards the user name, the original challenge, and the client's response to a domain controller; for a local account it performs the same check itself against its local account database.
- Domain controller compares challenge and response to authenticate user. The domain controller retrieves the stored password hash for the user, computes the response over the original challenge with that hash, and compares it with the response the client sent. If they match, the domain controller tells the server that the user is authenticated.
- Server sends response to the client. Assuming valid credentials, the server grants the client access to the requested service or resource.

Two properties of this design matter to defenders: the client never authenticates the server, so a man-in-the-middle can relay the challenge and response to a different service, and a captured challenge/response pair can be cracked offline against a password list. Where possible, require Kerberos and enable NTLM auditing rather than relying on NTLM.
NTLM Handshake
When a client needs to authenticate itself to a proxy or server using the NTLM scheme, the following handshake takes place over HTTP. It is usually called a 4-way handshake because four of the messages carry NTLM data (steps 2 to 5); the base64 strings are the NTLM Type 1, Type 2 and Type 3 messages.

1: C --> S GET ...
2: C <-- S 401 Unauthorized, WWW-Authenticate: NTLM
3: C --> S GET ..., Authorization: NTLM <base64-encoded type-1-message>
4: C <-- S 401 Unauthorized, WWW-Authenticate: NTLM <base64-encoded type-2-message>
5: C --> S GET ..., Authorization: NTLM <base64-encoded type-3-message>
6: C <-- S 200 OK

For a proxy the same exchange uses 407 Proxy Authentication Required with the Proxy-Authenticate and Proxy-Authorization headers instead of 401, WWW-Authenticate and Authorization. Note that NTLM over HTTP authenticates the TCP connection, not each request, so the connection must stay open across the exchange.
NTLM Message Types
During the handshake, three message types are used.
Type 1 Message - The Type 1 message is sent from the client to the server to initiate NTLM and to propose the options (negotiate flags) the client supports.
Type 2 Message - The Type 2 message is sent by the server to the client in response to the client's Type 1 message. It completes the negotiation of options with the client and also provides the server challenge to the client.
Type 3 Message - The Type 3 message is the final step in authentication. This message contains the