Re: Disable NTLM so Kerberos falls back to BAsic

From: John White (john.white@telenor.co.uk)
Date: 04/08/03 

From: "John White" <john.white@telenor.co.uk>
Date: Tue, 8 Apr 2003 15:13:17 +0100

Hi Tom,
    Because our security guys want us to be able to explicitly restrict data
objects per user group rather than giving access to all due to the nature of
some of the data, they also don't like the thought of hard coded accounts in
code.

Thanks

John
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:b6uice$jjq4@kcweb01.netnews.att.com...
> "John White" <john.white@telenor.co.uk> wrote in message
> news:ubGhSWd$CHA.1600@TK2MSFTNGP10.phx.gbl...
> > Hi,
> > I have numerous ASP.NET applications which requires the users to use
> > their NT accounts to access them. These applications delegate to back
end
> > sql servers (2000) on other domain machines. The trouble is our client
> base
> > is a mix of Win98/NT and Windows 2000. Is there a way any pre win 2000
> > machines are forced to use Basic if they don't support Kerberos like
> win2k+,
> > rather than falling back to NTLM which wont delegate??
> >
> > Currently we have to force all basic but management wants this stopped
> where
> > possible so users are automatically "logged" in to the sites.
>
> I don't know the answer, but just curious - why bother to authenticate
each
> user to SQL Server? Setup and manage all your permissions on the ASP.NET
> side. Just give access to info and functionality of the application to
the
> accounts it's appropriate for and use one dummy service account for all
the
> SQL connections.
>
> --
> Tom Kaminski IIS MVP
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS
> http://mvp.support.microsoft.com/
> http://www.microsoft.com/windowsserver2003/community/centers/iis/
>
>
>

Relevant Pages

  • RE: (Workgroup) is not accessable message!
    ... > way you set up your accounts in different way in some computers. ... > account called TOM, Every machine has to have TOM. ... >> I have four machines in a home network with a Netgear router. ...
    (microsoft.public.windowsxp.network_web)
  • about Nells intelligent dark pool
    ... it accounts a repair too competitive at first her related ... when Zebediah sells the video-taped ... While historians only tour suppers, ... Both improving now, Tom and Allen ...
    (sci.crypt)
  • Re: Why do Apple Mail accounts go off-line spontaneously?
    ... and put all accounts back on line without reentering a password. ... Yahoo is notoriously bad for this, and I see it going offline almost ... I always advocated clicking "cancel" and trying again, ... Tom "Tom" Harrington ...
    (comp.sys.mac.system)
  • Re: Slightly Off Topic: Buying Software with Paypal
    ... checking accounts, not just software. ... PayPal has advised sellers to wait until the payment ... Tom "Tom" Harrington ...
    (comp.sys.mac.apps)
  • Re: 1 Year Text & Binary Newsgroup Access For $12!
    ... Tom J wrote: ... of newsgroup access for only $1 month! ... Accounts include: Free Trial, Free SSL, NNTP and Web access, ... They must be hurting if someone has to spam for them. ...
    (rec.outdoors.rv-travel)