Re: Client/Server application with single login-SecureStream?
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 18 Jan 2006 18:22:08 +0000 (UTC)
Hi,
NegotiateStream will fallback to a protocol called NTLM to do non-Domain based authentication, you need
a) mirrored accounts on both machines or b) specifiy credentials to use
http://www.leastprivilege.com/NegotiateStreamAndNTLM.aspx
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com
If kerberos will only work with domain accounts, then would it be possible to use NegotiateStream to authenticate a client on a server that is NOT a member of a domain? You said that Kerberos will only work on machines that belong to the same domain, or to domains that trust each other, but I'm looking at a case where client A is a member of domain D, and server B is connected to the same network as A, but is not a member of any domains (just a windows server box configured on a workgroup). Will B still be able to authenticate the client if it opens a secureStream connection? In other words, if B is not a member of the domain, can it still contact the domain controller to authenticate?
.
- References:
- Prev by Date: Re: Which Certificate store does IIS look at
- Next by Date: Re: Which Certificate store does IIS look at
- Previous by thread: Re: Client/Server application with single login-SecureStream?
- Next by thread: Re: FIPS Validated AES Encryption
- Index(es):
Relevant Pages
|
Loading
