User authentication

The application supports the configuration of Kerberos- and NTLM authentication. When using NTLM authentication, you can configure domain name scans. This will help correctly process different formats of user domain names supported by the NTLM protocol.

It is recommended to use Kerberos authentication because it is the most robust mechanism. NTLM authentication allows hackers to access user passwords by intercepting network traffic.

After the Microsoft update is released (see ADV190023 LDAP Channel Binding and LDAP Signing for details), NTLM user authentication in Kaspersky Web Traffic Security will no longer work.

For both types of authentication, you can create exclusions that let users access web resources without authentication.

In this Help section

Configuring Kerberos authentication

Creating a keytab file

Configuring NTLM authentication

Configuring domain name scans

Adding authentication exclusions

Page top