Re: firewall port requirements for windows fall-back authentication
From: S. Pidgorny
Date: 10/20/03
- Next message: Herb Martin: "Re: IPSEC / Certifcate Guide"
- Previous message: enrico sabbadin: "firewall port requirements for windows fall-back authentication"
- In reply to: enrico sabbadin: "firewall port requirements for windows fall-back authentication"
- Next in thread: enrico sabbadin: "Re: firewall port requirements for windows fall-back authentication"
- Reply: enrico sabbadin: "Re: firewall port requirements for windows fall-back authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 20 Oct 2003 21:56:04 +1000
Transmission of NTLM hashes and Kerberos tickets is inside the application
protocol. For example, a Web server doesn't require anything but HTTP open
b/ween a client and the server. However, both need access to a DC to verify
credentials. Nothing is required in the "fallback" mode, however, that one
can only give NTLM hash and not Kerberos ticket.
-- Svyatoslav Pidgorny, MVP, MCSE -= F1 is the key =- "enrico sabbadin" <sabbadin@infinito.it> wrote in message news:u17xqaulDHA.2676@TK2MSFTNGP11.phx.gbl... > Hi, > I've been researching through the web and I've somehow understood what ports > must be open in a firewall > to have NTLM and Kerberos authentication succeed. > I then have read some MS docs stating that "if a firewall is in-between" the > best solution is to use the fall back authentication mode .. that is having > two matching local accounts on the client and a server (say a web server > (Client) and an applciation server (server). > > I'm well aware of the fall-back mechanism .. still what I don't know in what > terms this approach solves the problem .. > that is .. what port do not need anymore to be opened when using fall back > authentication ? > > thank for you help > > p.s.: I'd like to understand if IPSEC can be used to bypass these issues .. > I've read soem docs about it but some say yes, other say no .. can someone > explain ? > again .. thanks a lot > > > -- > sabbadin@sabbasoft.com > MTS - COM+ - VBCOM - Enterprise Services - Security FAQ > .NET & COM+ books selected list > http://www.sabbasoft.com > "Moving fast is not the same as going somewhere." -Robert Anthony > > > >
- Next message: Herb Martin: "Re: IPSEC / Certifcate Guide"
- Previous message: enrico sabbadin: "firewall port requirements for windows fall-back authentication"
- In reply to: enrico sabbadin: "firewall port requirements for windows fall-back authentication"
- Next in thread: enrico sabbadin: "Re: firewall port requirements for windows fall-back authentication"
- Reply: enrico sabbadin: "Re: firewall port requirements for windows fall-back authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
