Use the Authentication tab to specify the authentication protocols supported by the servers in this pool.
Use this list to specify the type of authentication supported by the servers running Office Communications Server 2007 R2 in this pool. There are three authentication protocol options:
Both NTLM and Kerberos
The servers in this pool will issue challenges using either NTLM or Kerberos authentication, depending on the capabilities of the client.
The servers in this pool will issue challenges using only Kerberos authentication.
The servers in this pool will issue challenges using only NTLM authentication.
Learn More Online
Click to expand or collapse
Kerberos is the strongest password-based authentication scheme available to clients, but it is typically available only to internal clients because it requires a client connection to a Kerberos domain controller. This setting is appropriate if the server authenticates only internal users.
NTLM is password-based authentication available to clients that use a challenge-response hashing scheme on the password. This is the only form of authentication available to clients without connectivity to a Kerberos domain controller (for example, remote users). If a server only authenticates remote users, or Kerberos is otherwise undesirable, NTLM is the preferred choice.
When a server supports both remote and internal users, the recommended choice is to configure it to support authentication using both Kerberos and NTLM. Internal clients use Kerberos, while the Edge Server and internal servers communicate to ensure that only NTLM authentication is offered to remote clients.