5.1 Security Considerations for Implementers
Authentication Protocol Domain Support does not have any built-in security mechanisms to provide authentication or to ensure confidentiality and integrity. Instead, it relies on security mechanisms that are specified in [MS-RPCE] section 5 to protect Netlogon RPC [MS-NRPC], which serves as the transport for the protocols defined in this document.
The Digest authentication protocol itself offers some level of protection (that is, it does not send the user's password in the clear) but is considered weaker than Kerberos [MS-KILE] and public key–based authentication (for example, client-side authentication). Consequently, the Digest Protocol Extensions are used only in environments in which these stronger mechanisms are unavailable.
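The following added example (not part of this specification) computes the RFC 2617 Digest response for that RFC's own sample request, to show that only an MD5-derived value, never the password, crosses the wire and that a validator can check it from a stored H(A1). The function names are hypothetical, the `qop=auth` MD5 variant is assumed, and the sample values are those of RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # H(A1): the only password-derived value the validator has to hold.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 request-digest for qop=auth.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def validate(stored_ha1: str, fields: dict) -> bool:
    # Recompute from the stored H(A1) and compare in constant time.
    expected = digest_response(stored_ha1, fields["method"], fields["uri"],
                               fields["nonce"], fields["nc"],
                               fields["cnonce"], fields["qop"])
    return hmac.compare_digest(expected, fields["response"])


# Sample request from RFC 2617 section 3.5 (password: "Circle Of Life").
STORED_HA1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
ON_THE_WIRE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print("password present in message:",
          any("Circle Of Life" in v for v in ON_THE_WIRE.values()))
    print("response validates:", validate(STORED_HA1, ON_THE_WIRE))
    # A response bound to an old nonce fails against a fresh server nonce.
    fresh = dict(ON_THE_WIRE, nonce="0" * 32)
    print("old response with fresh nonce:", validate(STORED_HA1, fresh))
```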