RE: IIS 5.0 and Digest Authentication
From: dave (dave@netmedic.net)
Date: 01/29/03
- Previous message: Porter, Thomas L: "RE: Win2k log management"
- In reply to: Sarbjit Singh Gill: "IIS 5.0 and Digest Authentication"
- Next in thread: H C: "Re: w2k server compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "dave" <dave@netmedic.net> To: <ssgill@gilltechnologies.com>, <focus-ms@securityfocus.com> Date: Tue, 28 Jan 2003 23:31:06 -0500
Gill,
Storing passwords in reversible encryption as I have been told is not a good
Idea. But it is the only way to allow digest authentication on the IIS
server which is safer then basic authentication.
Are you using part of the IIS system that you need authentication on?
Will the challenge/response mechanism of integrated authentication not
suffice?
Dave
Dave Kleiman
dave@netmedic.net
www.netmedic.net
-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com]
Sent: Monday, January 27, 2003 09:54
To: focus-ms@securityfocus.com
Subject: IIS 5.0 and Digest Authentication
Greetings,
Just wanted to enquire the following:
On IIS5.0, on a DC(win2k), if we right click the properties of web
page/virtual directory using Internet Service Manager, under the security,
the digest authentication is sometimes greyed out. We may be in native/mixed
mode does not matter.
If you go and set for any one user properties 'store passwd in reversible
encryption' the digest
authentication option may get highlighted. Actually, this is also not true
all the times, as I have
noticed, this security option is on/off from machine to machine i.e DC to
DC.
Kind Regards
Gill
- Next message: Davide Grangia: "Problems with Pwdump3e"
- Previous message: Porter, Thomas L: "RE: Win2k log management"
- In reply to: Sarbjit Singh Gill: "IIS 5.0 and Digest Authentication"
- Next in thread: H C: "Re: w2k server compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
