Advantages of Kerberos over NTLM authentication

Kerberos provides several advantages over NTLM:
– More secure: No password stored locally or sent over the net.
– Better performance: improved performance over NTLM authentication.
– Delegation support: Servers can impersonate clients and use the client’s security context to access a resource.
– Simpler trust management: Avoids the need for p2p trust relationships in multi-domain environments.
– Supports MFA (Multi-Factor Authentication).

NTLMv1 hashes can be cracked in seconds with today’s computing power, since they are always the same length and are not salted.

NTLMv2 is a little better, since it is a variable-length, salted hash, but not that much better. Even though the hash is salted before it is sent, it is saved unsalted in the machine’s memory.
And of course, when we talk about NTLM we are talking about a challenge/response mechanism, which exposes the password to offline cracking when responding to the challenge.

What are the Kerberos dependencies?

Both the client and the server need to be running W2k or later versions and be in the same domain or in trusted domains.

An SPN needs to exist in AD for the domain account used to run the service to which the client is authenticating.

What is NTLM?

NTLM is an authentication protocol. It was the default protocol in older Windows versions, but it is still used today: if Kerberos fails for any reason, NTLM is used instead.

NTLM has a challenge/response mechanism.
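
Because a missing SPN or a failed Kerberos exchange silently falls back to NTLM, it is worth checking which scheme each SQL Server connection actually negotiated. The query below is an added example, not code from the original post; it uses the documented `auth_scheme` and `net_transport` columns of `sys.dm_exec_connections`, while the `assessment` labels and the reading of remote NTLM as a probable SPN or trust problem are assumptions of this example.

```sql
-- Added example: show how each current user connection authenticated and
-- flag remote connections that ended up on NTLM instead of Kerberos.
SELECT  s.login_name,
        s.host_name,
        s.program_name,
        c.client_net_address,
        c.net_transport,
        c.auth_scheme,
        c.connect_time,
        CASE
            WHEN c.auth_scheme = 'KERBEROS' THEN 'Kerberos'
            WHEN c.auth_scheme = 'SQL'      THEN 'SQL login (no Windows authentication)'
            WHEN c.auth_scheme = 'NTLM'
                 AND c.net_transport = 'Shared memory'
                                            THEN 'NTLM on a local connection'
            WHEN c.auth_scheme = 'NTLM'     THEN 'NTLM fallback: check SPN and domain trust'
            ELSE 'Other: ' + c.auth_scheme
        END AS assessment                   -- labels are this example's own wording
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
WHERE   s.is_user_process = 1
  AND   c.parent_connection_id IS NULL      -- skip MARS child connections
ORDER BY CASE WHEN c.auth_scheme = 'NTLM'
               AND c.net_transport <> 'Shared memory' THEN 0 ELSE 1 END,
         s.login_name;

-- Summary per login: how many connections use each scheme and transport.
SELECT  s.login_name,
        c.auth_scheme,
        c.net_transport,
        COUNT(*)            AS connections,
        MIN(c.connect_time) AS oldest_connection
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
WHERE   s.is_user_process = 1
  AND   c.parent_connection_id IS NULL
GROUP BY s.login_name, c.auth_scheme, c.net_transport
ORDER BY s.login_name, c.auth_scheme;
```

Both queries need VIEW SERVER STATE permission and only describe connections that are open at the moment they run.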

What is Kerberos?

Kerberos is an authentication protocol. It’s the default authentication protocol on Windows versions above W2k, replacing the NTLM authentication protocol.

How do you detect if you have memory pressure in SQL Server?

The code below is a very rudimentary way of finding out whether you have memory pressure; it uses SQL Server DMVs:

-- Operating system view: total and available physical memory, plus the OS memory state
SELECT total_physical_memory_kb/1024 [Total Physical Memory in MB],
	   available_physical_memory_kb/1024 [Physical Memory Available in MB],
	   system_memory_state_desc
FROM sys.dm_os_sys_memory;

-- SQL Server process view: memory in use and the low-memory flags (1 = low)
SELECT physical_memory_in_use_kb/1024 [Physical Memory Used in MB],
	   process_physical_memory_low [Physical Memory Low],
	   process_virtual_memory_low [Virtual Memory Low]
FROM sys.dm_os_process_memory;

-- Memory manager view: committed memory compared with its target
SELECT committed_kb/1024 [SQL Server Committed Memory in MB],
	   committed_target_kb/1024 [SQL Server Target Committed Memory in MB]
FROM sys.dm_os_sys_info;

Watch out if the value of Physical Memory Low or Virtual Memory Low is 1; in that case you should consider increasing the memory on the server.
