Sharepoint Authentication-NTLM、Kerberos

NTLM: rely on IIS. need authentication every time you access to secure resources.
Kerberos: rely on a ticket system (KDC). access to multiple secure resources after a single successful authentication. Safer and faster. SPN is essential.

首先客户向IIS询问支持哪些认证方式，IIS回答支持NTLM、Kerberos等，客户端选择NTLM方式发送用户名和密码，IIS再去认证等，IIS、SQL、AD都是背后的工作，NTLM主要是指客户和IIS的交互。