NTLM/Kerberos authentication


NTLM/ Kerberos authentication allows users to log in to the Joomla site using their domain credentials.

NTLM: NTLM is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user's password.

Kerberos: Kerberos is a client-server authentication protocol that enables mutual authentication – both the user and the server verify each other’s identity – over non-secure network connections. The protocol is resistant to eavesdropping and replay attacks, and requires a trusted third party. The Kerberos protocol uses a symmetric key derived from the user password to securely exchange a session key for the client and server to use.

To enable the NTLM / Kerberos authentication:

  • Navigate to the LDAP Provisioning tab.
  • Enable the NTLM SSO checkbox.
  • You can also enter the usernames of the users, whom you do not wish to invoke the NTLM SSO for. (This is useful if you wish to by-pass the login for administrators).
  • Click on the Save button to save your configurations.