Troubleshooting: NTLM and MaxConcurrentApi Concerns

This post discusses NTLM client to server authentication in a distributed forest environment scenario. One of the reasons Kerberos was such a great leap forward compare to NTLM was that we can impersonate a user when trusted to do so, thereby eliminating the need to go trekking all the way back to an authority (domain controller) […]

This post discusses NTLM client to server authentication in a distributed forest environment scenario. One of the reasons Kerberos was such a great leap forward compare to NTLM was that we can impersonate a user when trusted to do so, thereby eliminating the need to go trekking all the way back to an authority (domain controller) in order to authenticate access to a resource.   This doesn’t sound like much of a big gain overall at first look but let me paint a little picture for you on that.  We’re going to use Microsoft Internet Security and Acceleration Server (ISA) in conjunction with Internet Explorer 6 as an example in this case but this behavior can occur with any product which uses NTLM authentication in a similar manner.

Full Article