Re: Can i run more then one session on the computer?

From: Paul Adare (padare_at_newsguy.com)
Date: 09/20/05

Next message: Rhett Gong [MSFT]: "Re: Callback function to handle CRYPT_USER_PROTECTED action"
Previous message: MCSEGURU: "Re: Can i run more then one session on the computer?"
In reply to: MCSEGURU: "Re: Can i run more then one session on the computer?"
Next in thread: MCSEGURU: "Fast User Switching in Domain Member mode / Authentication Ticket security risks"
Reply: MCSEGURU: "Fast User Switching in Domain Member mode / Authentication Ticket security risks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 Sep 2005 06:41:48 -0400

In article <uZeLM0cvFHA.2568@TK2MSFTNGP10.phx.gbl>, in the
microsoft.public.security news group, MCSEGURU <mcseguruhere@aol.com>
says...

> and therefore does not have the hightened security of a
> computer certificate for Kerberos Authentication encryption, and without
> that trust, will send usernames and more importantly passwords across the
> network much more frequently,
>

Sorry "guru" but you've got some technical inaccuracies here. A domain
environment does not automatically provide certificates for use with
Kerberos authentication. That requires a public key infrastructure to be
in place, and even then, certificates are only involved in the user, not
computer logon process, and only if using a smart card for logon.
Secondly, even in a pass-through authentication environment, passwords
are _never_ sent across the wire.

-- 
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern 
computer geeks finds it impossible to detect a joke that is not clearly 
labeled as such."
Ray Shea

Next message: Rhett Gong [MSFT]: "Re: Callback function to handle CRYPT_USER_PROTECTED action"
Previous message: MCSEGURU: "Re: Can i run more then one session on the computer?"
In reply to: MCSEGURU: "Re: Can i run more then one session on the computer?"
Next in thread: MCSEGURU: "Fast User Switching in Domain Member mode / Authentication Ticket security risks"
Reply: MCSEGURU: "Fast User Switching in Domain Member mode / Authentication Ticket security risks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Can i run more then one session on the computer?
... > computer certificate for Kerberos Authentication encryption, ... in place, and even then, certificates are only involved in the user, not ... computer logon process, and only if using a smart card for logon. ... Secondly, even in a pass-through authentication environment, passwords ...
(microsoft.public.dotnet.security)
Re: Can i run more then one session on the computer?
... > computer certificate for Kerberos Authentication encryption, ... in place, and even then, certificates are only involved in the user, not ... computer logon process, and only if using a smart card for logon. ... Secondly, even in a pass-through authentication environment, passwords ...
(microsoft.public.windowsxp.security_admin)
Re: Can i run more then one session on the computer?
... > computer certificate for Kerberos Authentication encryption, ... in place, and even then, certificates are only involved in the user, not ... computer logon process, and only if using a smart card for logon. ... Secondly, even in a pass-through authentication environment, passwords ...
(microsoft.public.security)