
I understand that Kerberos is the recent authentication protocol used in Windows environments and that NTLM is still supported for interoperability only. I want to know, in non-domain environments, if I am logging on to my own PC at home, which has Windows 10, is the authentication carried out by the NTLM protocol or by Kerberos?

Also, I want to know the NTLM use cases nowadays.

665bassem

2 Answers


When you type your password into the sign-in screen on Windows for a local account, it never leaves the machine. That means the NTLM (or Kerberos) protocol is never invoked. Domain accounts are different. They will attempt to verify against a cached logon validator (a strong one-way hash) first and then will attempt the network, trying Kerberos first and falling back to NTLM if that fails.

However, to complicate the explanation of things, Windows bundles authentication protocols into packages, and these packages are what provide sign-in functionality to a machine, whether it's a local account or a domain account. ALL sign-ins flow through the NTLM package first and are handed off to, e.g., Kerberos for the actual processing.

Local accounts use the NTLM package to authenticate local users. That package is the thing that knows where password hashes and user metadata are stored.

So no protocols are involved during a local user sign-in.

Steve

https://superuser.com/questions/1340951/what-are-the-use-cases-of-ntlm-authentication-in-modern-windows-ad-domains answers both questions:

NTLM is [...] used for computers that are members of a workgroup as well as local authentication.

There are many use cases where Kerberos does not work, such as accessing resources by IP, web traffic via load balancers (requires special Kerb config), some clustering, SQL, and much cross-forest traffic.

So for Active Directory, if Kerberos does not work here, authentication will fall back to NTLM. So, as is often the case in the Microsoft world, it is also a backward-compatibility thing, so that things work if the new stuff is not there / configured / installed.

secf00tprint
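Both answers describe which package or protocol ends up handling a sign-in; the Security log records this per logon, so you can check it on your own machine. The following PowerShell is an added example, not code from either answer: it summarises recent successful logons (event ID 4624) by logon type and the authentication package that processed them. `$MaxEvents` is an arbitrary sample size, and reading the Security log requires an elevated prompt.

```powershell
# Added example: which authentication package handled recent logons on
# this machine? Summarises Security event 4624 (An account was successfully
# logged on). Run from an elevated PowerShell.
$MaxEvents = 500   # assumed sample size; raise it for a longer history

# Logon type codes as defined in the 4624 event schema.
$LogonTypeNames = @{
    2  = 'Interactive'        # sign-in at the local console
    3  = 'Network'            # e.g. SMB share or remote administration
    5  = 'Service'
    7  = 'Unlock'
    10 = 'RemoteInteractive'  # RDP
    11 = 'CachedInteractive'  # domain logon validated against the cached verifier
}

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents $MaxEvents |
    ForEach-Object {
        # Property positions follow the 4624 event template:
        # 5 TargetUserName, 6 TargetDomainName, 8 LogonType,
        # 10 AuthenticationPackageName, 14 LmPackageName, 18 IpAddress.
        $p = $_.Properties
        $typeCode = [int]$p[8].Value
        $typeName = $LogonTypeNames[$typeCode]
        if (-not $typeName) { $typeName = "Type$typeCode" }

        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = '{0}\{1}' -f $p[6].Value, $p[5].Value
            LogonType   = $typeName
            AuthPackage = $p[10].Value   # Negotiate, Kerberos or NTLM
            LmPackage   = $p[14].Value   # 'NTLM V1' / 'NTLM V2' when NTLM was used, otherwise '-'
            Source      = $p[18].Value   # remote address for network logons, '-' locally
        }
    } |
    Group-Object LogonType, AuthPackage, LmPackage |
    Select-Object Count, Name |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

Any row whose LmPackage column reads NTLM V1 is worth following up, since V1 is the weakest of the options the answers mention falling back to.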