Re: Customizing Security

From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 07/03/04

  • Next message: Colin McKinnon: "Re: Customizing Security" 
    Date: Sat, 03 Jul 2004 16:27:22 GMT

    Tom Jordan spilled the following:

    > Hello,
    >
    > I was wondering if its possible to have users in a domain to
    > authenticate against an external datastore - ie. not active directory.
    > The client has a centralized security system that they would like all
    > systems and servers to use. This same repository will also provide
    > service that need to enforced on the server. If these type of things
    > are feasible, I would greatly appreciate any suggestions on how we can
    > learn more about doing this.
    >

    I was about to say...yes its easy, particularly as I've just written a wee
    wrapper for pam to handle all this stuff but I guess from your reference to
    active directory that your deployment is on Micro$oft. This really narrows
    down your options but there's still plenty of scope for acheiving the
    desired result.

    It mostly depends on what the authentication system is, and more
    specifically what it speaks. Also the other constraints - do you have SSL
    on the server? Do you need to worry about whom signed your certificate? If
    you can't do SSL to the browser can you get a challenge from the
    authentication system and implement an acceptable hash on the browser (md4
    is available for javascript but not DES, crypt, sha-1 AFAIK).

    Without a lot more info about the current implementation its mostly
    guesswork tho.

    HTH

    C.

  • Next message: Colin McKinnon: "Re: Customizing Security"

    Relevant Pages

    • Re: REPOST - IIS6 /WebDAV/NTLM/Kerberos and Remote Storage
      ... >are using to authentication. ... Kerberos tickets target a service ... >authenticate to IIS from the client browser. ... structure on a Win2K server. ...
      (microsoft.public.inetserver.iis)
    • Re: client gets always every first time for every page a 401
      ... When the browser makes a request, ... > the first request to be Anonymous. ... If the server does not accept Anonymous or if the Anonymous ... >> Basic or NTLM authentication, it does not fall back to Anonymous during ...
      (microsoft.public.inetserver.iis.security)
    • RE: logout a browser under integrated security
      ... You may be able to force something through code, but not server ... same browser session, even though they'll initially see a login prompt ... re-authenticate when they have the same browser session open on the client. ... the article Security and Authentication in Content Management Server you ...
      (microsoft.public.inetserver.iis.security)
    • RE: logout a browser under integrated security
      ... due to the browser. ... but not server ... >server by using Basic or NTLM authentication, ... >IIS Authenticates Browser Clients" ...
      (microsoft.public.inetserver.iis.security)
    • Re: IIS Log Files logs 401 HTTP Codes
      ... the browser makes requests assuming no authentication is ... Suppose the browser makes an anonymous request to a server that REQUIRES ...
      (microsoft.public.inetserver.iis.security)