Kerberos FAQ
Cannot set GSSAPI authentication names, aborting
- 域缺少 kadmin/admin或kadmin/changepwprincipal
ntlm vs kerberos
- NTLM
- three-way handshake
- password hashing
 
- Kerberos
- two-part process
- ticket granting service / key distribution center.
 
- encryption
 
- two-part process
- Kerberos NTLM as the default authentication tool on Windows 2000
- https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/
- NTLM vs KERBEROS
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM