How is Kerberos being extended to support networks without a domain controller, when there are only local accounts?
My understanding is that NTLM is the only option that exists for Windows:
- "NTLM doesn’t require local network connection to a Domain Controller."
- "NTLM is the only protocol supported when using local accounts."
- "NTLM works when you don’t know who the target server is."
How is Kerberos being extended to operate on a network of only client PCs?
"These benefits have led to some applications and services hardcoding the use of NTLM instead of trying to use other, more modern authentication protocols like Kerberos."
I'm happy to not hardcode "NTLM".
I hardcode "Negotiate" and let it fall back to "NTLM" when it realizes Kerberos cannot be used because there is no domain controller.
How will Kerberos be updated to support networks where there is no Kerberos server available? Will every PC run its own embedded domain controller? How will you solve the problem of "non-domain joined" PCs trying to access resources on my PC?
I'm happy to stop using NTLM, you just need to replace it with something.