AnsweredAssumed Answered

Kerberos or passthru authentication with Active Directory?

Question asked by brazen on Apr 14, 2010
Latest reply on Aug 17, 2011 by brazen
Kerberos and passthru authentication seem to fill the same niche in regards to authenticating to Active Directory.  They both support SSO, both support CIFS, and neither support syncing user details.  But kerberos is more secure and supports newer protocols, so it's seems to me kerberos would be the better choice between kerberos or passthru.  Is this correct?

I only wonder because all the documentation I find (through Google) for using Alfresco with Active Directory talks about passthru instead of kerberos.  I haven't been using Alfresco for long, so I didn't know if maybe kerberos was just very new and all that documentation is outdated, or if maybe I was missing some reason for why passthru would be used instead of kerberos.

For example, this wiki page http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Example_1:_Advanced_AD_Chain
suggest using the following auth chain:

alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad

but it seems to me something like this would be better:

alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad

Outcomes