8.1 Comparing Windows and UNIX authentication | Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)

Table 8.1 provides an overview of different authentication characteristics and how they are typically implemented on the Windows and the UNIX platform.

Table 8.1: Windows and UNIX Authentication Characteristics
Authentication Characteristic	Windows	UNIX
Authentication Mechanisms	Native support for UserID-Password and Smart Card (only Windows 2000 and later) Other mechanisms available through third-party extensions	Native support for UserID-Password On some UNIX platforms: Smart Card (through special PAM modules) Other mechanisms available through third-party extensions
Authentication Authorities	Local authority Domain authority	Local authority Domain authority (NIS, NIS+ domain, Samba domain)
Authentication Protocol	Plain UserID-password NTLM Kerberos V5 (Windows 2000 and later)	Plain UserID-password Protocol based on crypt(3) hash function Other protocols using special PAM or other modules (Kerberos and others)
Credential Database	Local (SAM) or Centralized (SAM or AD) SAM (Security Database): Any NT4 machine (local or domain authority) and Windows 2000 and later standalone machines and member servers. AD (Active Directory): Windows 2000 domain authorities (domain controllers (DCs))	Local or Centralized (NIS, NIS+, LDAP, or Samba (smbpasswd))
Security Principal Identifiers	SIDs (Security Identifiers): for users, groups, machines	UIDs (User Identifiers): for users GIDs (Group Identifiers): for groups
User Principal Names	Maximum of 20 characters Case insensitive Cannot be identical to group names	Typically a maximum of eight characters Case sensitive Can be identical to group names