Difference between NTLM and Windows AD using Kerberos

Help! BO Gurus,

This is my first installation and also I am trying to configure SSO using Windows AD with Kerberos.

Trouble, the client has three virtual servers and trying to use the same account for all the three, the true trouble is that the password expires every six months. This is adding up extra steps of runnting ktpass and restarting SIA and Tomcat every six months. The client relies on third party for hosting the domain. So, it has to go to the third party every time to run the ktpass.

Now, we are looking for more options and inquiring the diffrences between Windows AD and NTLM.

What is the differnece between NTLM and Windows AD?
Are there any Pros and cons in deciding which way to go?

Please help answer the above questions. I tried searching the forum but could not get to an answer. So, It will be appreciated greatly if any of you can guide me in the correct direction.

Thank you very much for all the responses in advance.

smekala (BOB member since 2009-12-03)

Better, I should rephrase the first question to - What is the difference between NTLM and Kerberos? 8)

And to answer this question, you can Google -
NTLM vs Kerberos
compare kerberos ntlm

See this URL
http://blogs.msdn.com/b/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx

As I said, most of this information you will find either on Microsoft sites (blogs/forums) or you need to Google it. Here on B B, you will get more information on configuration related to BusinessObjects only. And not the generic comparison of 2 Authentication Protocols.

My suggestion would be - Go for Kerberos (with RC4 encryption). Check with BusinessObjects Support if they started supporting AES encryption or not.

nicholas (BOB member since 2008-07-31)