NTLM/ Kerberos authentication allows users to log in to the Joomla site using their domain credentials.
NTLM: NTLM is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user's password.
Kerberos: Kerberos is a client-server authentication protocol that enables mutual authentication – both the user and the server verify each other’s identity – over non-secure network connections. The protocol is resistant to eavesdropping and replay attacks, and requires a trusted third party. The Kerberos protocol uses a symmetric key derived from the user password to securely exchange a session key for the client and server to use.
To enable the NTLM / Kerberos authentication:
Navigate to the LDAP Provisioning tab.
Enable the NTLM SSO checkbox.
You can also enter the usernames of the users, whom you do not wish to invoke the NTLM SSO for. (This is useful if you wish to by-pass the login for administrators).
Click on the Save button to save your configurations.