Re: Digest Authentication on Win2003
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 06/22/04
- Next message: Bernard: "Re: How to audit IUSR rights?"
- Previous message: Clementius: "Re: Digest Authentication on Win2003"
- In reply to: Clementius: "Re: Digest Authentication on Win2003"
- Next in thread: Srikanth: "Re: Digest Authentication on Win2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Jun 2004 11:13:46 +1000
Hi,
Digest Authentication requires that the user accounts are Domain accounts
(not local accounts), however IIS itself does not need to be running on a
domain controller.
For more information on the requirements to get Digest, and Advanced Digest
authentication working, please get the free sample chapter from my IIS 6.0
security book (there's a link on my homepage: www.adopenstatic.com). The
first section deals in depth with authentication mechanisms and requirements
Cheers
Ken
"Clementius" <anonymous@discussions.microsoft.com> wrote in message
news:uwSzjn%23VEHA.3740@TK2MSFTNGP12.phx.gbl...
: From
:
http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SEC_9.mspx :
: "Digest authentication. This authentication method operates much like
Basic
: authentication, except that passwords are sent across the network as a
hash
: value for additional security. Digest authentication is available only on
: domains with domain controllers running Windows server operating systems."
: Does someone have input about the previous requirements and whether digest
: authentication requires the IIS server to be a domain controller? Thank
you.
: C
:
:
: "Clementius" <anonymous@discussions.microsoft.com> wrote in message
: news:O%23KFpg%23VEHA.2288@TK2MSFTNGP10.phx.gbl...
: > I read on Win2000mag that Digest Authentication requires IIS 5.0 to run
on
: a
: > domain controller. Is this true with IIS 6.0 and Windows 2003? Thank
you.
: C
: >
: > "Clementius" <anonymous@discussions.microsoft.com> wrote in message
: > news:O%237vlU%23VEHA.3696@TK2MSFTNGP10.phx.gbl...
: > > Hi,
: > > We are trying to use Digest Authentication on IIS 6.0. The IIS server
is
: > in
: > > a dmz. The home directory for the default web site points to a share
: > located
: > > on another Win2003 server residing inside the network. We opened the
: > > required ports inbound on the firewall and were able to access the
share
: > > drive from Windows Explorer on the IIS server. When going to IIS defau
lt
: > > page, we are prompted for a username and password (as expected). We
: cannot
: > > login using the administrator account or any other account. We get
: > prompted
: > > 3 times and finally get: HTTP Error 401.3 - Unauthorized: Access is
: denied
: > > due to an ACL set on the requested resource.
: > > The firewall log file does not show any denied traffic from IIS to the
: > > internal server.
: > > Any thoughts? Thanks for your help. C
: > >
: > >
: >
: >
:
:
- Next message: Bernard: "Re: How to audit IUSR rights?"
- Previous message: Clementius: "Re: Digest Authentication on Win2003"
- In reply to: Clementius: "Re: Digest Authentication on Win2003"
- Next in thread: Srikanth: "Re: Digest Authentication on Win2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
