Re: Disable NTLM so Kerberos falls back to BAsic
From: John White (firstname.lastname@example.org)
From: "John White" <email@example.com> Date: Tue, 8 Apr 2003 15:13:17 +0100
Because our security guys want us to be able to explicitly restrict data
objects per user group rather than giving access to all due to the nature of
some of the data, they also don't like the thought of hard coded accounts in
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
> "John White" <firstname.lastname@example.org> wrote in message
> > Hi,
> > I have numerous ASP.NET applications which requires the users to use
> > their NT accounts to access them. These applications delegate to back
> > sql servers (2000) on other domain machines. The trouble is our client
> > is a mix of Win98/NT and Windows 2000. Is there a way any pre win 2000
> > machines are forced to use Basic if they don't support Kerberos like
> > rather than falling back to NTLM which wont delegate??
> > Currently we have to force all basic but management wants this stopped
> > possible so users are automatically "logged" in to the sites.
> I don't know the answer, but just curious - why bother to authenticate
> user to SQL Server? Setup and manage all your permissions on the ASP.NET
> side. Just give access to info and functionality of the application to
> accounts it's appropriate for and use one dummy service account for all
> SQL connections.
> Tom Kaminski IIS MVP
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running