Re: IIS 6 Integrated Security....risks??




"Roberto López" <rlopez@xxxxxxxxxxxxxxxx> wrote in message news:O%23GrfGoMIHA.4480@xxxxxxxxxxxxxxxxxxxxxxx


"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:OE0nqFjMIHA.4880@xxxxxxxxxxxxxxxxxxxxxxx

"Roberto López" <rlopez@xxxxxxxxxxxxxxxx> wrote in message
news:uqen02bMIHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
> Hello,
> My first concern is to ensure that the domain server and all data on it is
> sure.

Integrated Windows Authentication does not secure your server, or the data
on it.

> And the user names and passwords are secured.

Windows already stores usernames and passwords securely. You need to
protect these "in transit", and also to ensure that users do not disclose
them to others.

But, with Integrated Windows Authentication the user name and password, as
far as I know, are sent encrypted?

Hi,

With NTLM authentication, the password is hashed using the NTLM v2 mechanism.

With Kerberos Authentication, the client sends an authenticator and service ticket. The username is not encrypted, but the password is never transmitted to the server in question (as the trusted third party - the KDC/Domain Controller - knows all the passwords).

Cheers
Ken
