Aspects
Kerberos
Kerberos is a single sign-on (SSO) network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.
Ntlm
NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.
Performance ways better
| Quality | Example |
|---|---|
| Better |
"In fact in some ways ntlm is better than kerberos" from question "Authenticating against Active Directory with Java on Linux" "I understand that kerberos has better performance than ntlm" from question "Performance difference Kerberos versus NTLM" |
| Better option |
"Kerberos could be considered as a better option than ntlm" from question "Windows integrated (NTLM) authentication vs Windows integrated (Kerberos)" |
Others
| Quality | Example |
|---|---|
| Less |
"But since ntlm is less secure than kerberos why isn t it the other way around" from question "Why is kerberos defaulting to NTLM in WCF?" |
| More secure |
"But as i understand it ntlm disallows the more secure kerberos domain credentials if they re available" from question "Windows Authentication not prompting on Firefox or iOS Safari" |
| Faster |
"Kerberos is complex to set up and even though it generally is considered faster than ntlm this is only true when you reach a certain limit of simultanious users on your site" from question "Access a SharePoint website from a Java application with Kerberos authentication" |
| Slower |
"For a low traffic site the huge tokens that kerberos send across the network actually makes it slower than ntlm" from question "Access a SharePoint website from a Java application with Kerberos authentication" |