As of Windows NT version 5.0, normally known by the name Windows 2000, the domain controller (aka [[ActiveDirectory]]) uses [[KerberosV]] for authentication. The resulting TGT tickets use a proprietary authorization data format. There was a big flamefest on this issue, though [[KerberosDCE]] also uses the V5 ticket's authorization data field to store group membership data, the details of Microsoft's format was murky. It is now documented by a paper which essentially requires you to agree to never use the information if you read it, making it similarly useless. [[NathanNeulinger]] has used Windows 2000 to provide authentication for AFS. See his [message](http://lists.openafs.org/pipermail/openafs-info/2002-January/002893.html) to [[OpenAFSInfo]] for details. -- [[TedAnderson]] - 23 Jan 2002 -- [[DerrickBrashear]] - 24 Jan 2002 added the information about the paper. ---- See [[KerberosV]], [[KerberosDCE]].