RE: Windows NTFS Authentication Caching

From: Ricky Salmon (ricky_security@sparkhound.net)
Date: 11/01/01


From: "Ricky Salmon" <ricky_security@sparkhound.net>
To: <security-basics@securityfocus.com>
Subject: RE: Windows NTFS Authentication Caching
Date: Thu, 1 Nov 2001 15:02:20 -0600
Message-ID: <KNENIANFBBEADJFLIIDFAECKDLAA.ricky_security@sparkhound.net>

Do you mean NTLM authentication?

-----Original Message-----
From: leon [mailto:leon@inyc.com]
Sent: Thursday, November 01, 2001 8:32 AM
To: cstettler@gpu.com; security-basics@securityfocus.com
Subject: RE: Windows NTFS Authentication Caching

I am not sure I understand the question. I thought NTFS was a type of
file system / format for a harddive????? (for eg ext2, ext3, fat, fat32,
ntfs). So I am not sure how a website could require NTFS
authentication (I think NTFS stands for New Techonology File System.)

Regards,

Leon

-----Original Message-----
From: cstettler@gpu.com [mailto:cstettler@gpu.com]
Sent: Tuesday, October 23, 2001 4:42 PM
To: security-basics@securityfocus.com
Subject: Windows NTFS Authentication Caching

A question for the Windows experts in the group --

A user accesses a company web site from a home PC (any flavor of
Windows).
The web site requires NTFS authentication against the company's domain
controller. The web session requires SSL, but is the company
userid/password cached on the home PC? I'm worried that if the home PC
is
compromised, any cached company account information could be retrieved.

Thanks,
Carol