Artica allows you to connect your Artica appliance with your Active Directory.
The Active Directory feature requires a valid Enterprise Edition.
The main benefit of using Active Directory is the “silent authentication” with Proxy Edition.
It means the browser automatically sends the Windows session credentials to the proxy using the NTLM or Kerberos method.
In this case, the user does not have to enter their credentials in a login box.
The connection between the Active Directory and the proxy can be made in 3 ways:
NT LAN Manager, known as NTLM, is a Microsoft proprietary authentication protocol used in Windows for authentication between clients and servers.
Kerberos replaced NTLM as the default authentication protocol in Windows 2000.
However, NTLM is still maintained in all Windows systems for compatibility purposes between older clients and servers.
At the time of writing this article, NTLM is still available with Active Directory 2016/2019/2022.
The NTLM connection has very few prerequisites: the minimum is to use the Active Directory DNS servers.
In some cases, it will be necessary to use NTLM:
The main difference between NTLM and Kerberos is the way the two protocols handle authentication.
NTLM relies on a three-way handshake between the client and server to authenticate a user.
Kerberos uses a two-part process that relies on a ticketing service or key distribution center.
Another major difference is whether passwords are hashed or encrypted.
NTLM relies on password hashing, which is a one-way function producing a text string from an input file; Kerberos uses encryption, which is a two-way function scrambling and unlocking information using an encryption key and a decryption key respectively.
Although Kerberos is Microsoft's default authentication method today, NTLM serves as a backup.
If Kerberos fails to authenticate the user, the browser attempts to use NTLM instead.
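The NTLM handshake and the Kerberos-to-NTLM fallback described above are visible in the tokens carried by the HTTP `Proxy-Authorization` and `Proxy-Authenticate` headers. The following Python code is an added example, not part of Artica: it classifies such header values so that clients that completed NTLM instead of Kerberos can be listed for follow-up. The function names, the `(client_ip, header_value)` record layout and the sample data are assumptions made for this illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"  # signature that opens every NTLM message
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
KRB5_OID = bytes.fromhex("2a864886f712010202")  # DER body of 1.2.840.113554.1.2.2

def classify_auth_header(value):
    """Return (mechanism, detail) for a Proxy-Authorization/-Authenticate value."""
    parts = value.strip().split(None, 1)
    if not parts or parts[0].lower() not in ("ntlm", "negotiate"):
        return ("other", None)
    if len(parts) == 1:
        return ("offer", None)  # bare scheme name: the proxy advertising the method
    try:
        blob = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ("malformed", None)
    pos = blob.find(NTLMSSP_SIG)  # raw NTLM, or NTLM wrapped inside SPNEGO
    if pos >= 0:
        if len(blob) < pos + 12:
            return ("malformed", None)
        # The message type is a little-endian uint32 right after the signature.
        (msg_type,) = struct.unpack_from("<I", blob, pos + 8)
        return ("ntlm", NTLM_TYPES.get(msg_type, "UNKNOWN"))
    if blob[:1] in (b"\x60", b"\xa1"):  # ASN.1-wrapped GSS-API/SPNEGO token
        return ("kerberos", None) if KRB5_OID in blob else ("spnego", None)
    return ("unknown", None)

def ntlm_fallback_clients(records):
    """Sorted client IPs that sent an NTLM AUTHENTICATE (type 3) message."""
    return sorted({ip for ip, hdr in records
                   if classify_auth_header(hdr) == ("ntlm", "AUTHENTICATE")})

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample data: truncated message bodies and documentation IPs.
SAMPLE = [
    ("192.0.2.10", "NTLM " + _b64(NTLMSSP_SIG + struct.pack("<II", 1, 0))),
    ("192.0.2.10", "NTLM " + _b64(NTLMSSP_SIG + struct.pack("<II", 3, 0))),
    ("192.0.2.20", "Negotiate " + _b64(b"\x60\x0b\x06\x09" + KRB5_OID)),
    ("192.0.2.30", "Negotiate " + _b64(b"\x60\x10" + NTLMSSP_SIG + struct.pack("<II", 3, 0))),
]

if __name__ == "__main__":
    for ip, hdr in SAMPLE:
        print(ip, classify_auth_header(hdr))
    print("NTLM fallback:", ntlm_fallback_clients(SAMPLE))
```

A client that appears in the fallback list while joined to the domain is worth checking for the usual Kerberos prerequisites, such as name resolution and clock synchronization.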
Unlike the NTLM or Kerberos method, this method uses the LDAP protocol (port 389 or 686) to verify user credentials.
This method is not "silent" because it does not care if the workstation belongs to the Windows domain.
This means that a message box will appear asking your users to enter their credentials.