Re: What is a local logon?
From: Herb Martin (news_at_LearnQuick.com)
Date: 03/28/04
- Previous message: Ken Schaefer: "Re: All user account locked"
- In reply to: Ken Schaefer: "Re: What is a local logon?"
- Next in thread: Ken Schaefer: "Re: What is a local logon?"
- Reply: Ken Schaefer: "Re: What is a local logon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Mar 2004 10:17:52 -0600
> : BASIC (and digest) is always a local logon -- you hand your username
> : and password to the web server which logs on as the you (locally.)
>
>
> I thought Digest Authentication worked the same way as IWA. With Digest
you
> hand your username, and a hash of your password to IIS. IIS passes this to
> the Domain Controller. DC performs the same hash, and determines whether
the
> hash matches the one stored in AD. If they match, appropriate token is
sent
> back to IIS.
That's what I said. Digest is similar to basic, except for the protection
of the password.
> Also, OP mentioned using Windows 2000, but with Windows 2003, I'm under
the
> impression that Basic Authentication is now a network, not a local, logon.
I didn't know they had change it -- and it is not a "natural" change but
likely needed to be "rigged" if it was changed.
-- Herb Martin "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:#0aj1NLFEHA.696@TK2MSFTNGP12.phx.gbl... > > "Herb Martin" <news@LearnQuick.com> wrote in message > news:ODjZWJ5EEHA.3424@tk2msftngp13.phx.gbl... > : "Gino" <cosine@covad.net> wrote in message > : news:59854$4064ab14$44a77c62$23722@msgid.meganewsservers.com... > : > Logon locally is a user right as well as Logon over the Network and they > : > are, exactly as described. If a user with a domain account tries to > logon > : to > : > a Domain Controller, and dose not have the user right to logon locally > : they > : > cannot logon, even though they might have permmisions set to access > : folders, > : > this is by design. > : > : All of the above is true but likely not what he is questioning; > : he wants to know how the WEB SERVER chooses, uses, > : or abuses the above methods when users try to access > : resources through that web server. > : > > Cheers > Ken > > > > : Integrated CAN BE "network" if you use a domain account. > : You authenticated with the domain and then connect to the > : web (resource) server as a "network" user. > : > : -- > : Herb Martin > : > > : > "Roger Haxby" <roger.haxxxby_rem2x@ntlworld.com> wrote in message > : > news:e3GDT71EEHA.2176@tk2msftngp13.phx.gbl... > : > > We are having users log onto a server through a browser. All users > will > : > be > : > > in a specific user group. It appears that this counts as a local > : login - > : > if > : > > we do not allow local logons in the group policy for that user group, > : they > : > > cannot log on via the browser. The browser authentication method does > : not > : > > seem to make a difference (basic, integrated windows authentication, > we > : > have > : > > not tried digest) > : > > Is this expected behaviour? > : > > > : > > If that is expected behaviour, what is a Network Logon - is that file > : > shares > : > > only? > : > > > : > > Server is W2K Advanced Server, SP4 Domain Controller > : > > > : > > Roger Haxby > >
- Previous message: Ken Schaefer: "Re: All user account locked"
- In reply to: Ken Schaefer: "Re: What is a local logon?"
- Next in thread: Ken Schaefer: "Re: What is a local logon?"
- Reply: Ken Schaefer: "Re: What is a local logon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
