IIS Server Security - Re: How secure is Digest Mode compared to Integrated Authenticatio

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > January 2007 > Re: How secure is Digest Mode compared to Integrated Authenticatio





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: How secure is Digest Mode compared to Integrated Authenticatio
David Wang

2007-01-30, 7:23 pm

Secure authentication protocols like Integrated does not support
DefaultLogonDomain. Why? Because the protocol never passes username/
password to IIS, meaning IIS cannot choose the DefaultLogonDomain to
logon the username.

Editing the metabase, like the Registry, is not meant for most users.
ONe will need at least the following info:
- built-in tools like ADSUTIL.VBS ( http://msdn.microsoft.com/library/
default.asp?url=/library/en-us/iissdk/html/5e7f8cde-4a01-42bd-acaf-
f8f7d091ef7c.asp )
- tools like MBExplorer which makes editing the metabase easy ( http://
www.microsoft.com/downloads/details...92ee-a71a-4c73-
b628-ade629c89499&DisplayLang=en )
- documentation on MSDN detailing what every property means ( http://
msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/
bb9c0d25-d003-4ddd-8adb-8662de0a24ee.asp )

I believe making users specify username@domain.com is pretty
reasonable, especially if it also corresponds to their email address.
I believe that getting used to specifying one's domain is critical --
how else do you distinguish between all the Davids in the world if
they all got used to logging in with their name on all the systems in
the world? We live in a connected, global society.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Jan 30, 5:08 am, K12-Jammer <K12Jam...@discussions.microsoft.com>
wrote:
> I agree that Integrated is the way to go. I believe that I could do this
> using the metabase property DefaultLogonDomain but haven't been able to
> figure out how to actually do that. Documentation on editing the metabase
> seems hard to find and everytime I bring it up somewhere people ask about
> other things that don't seem relevant.
>
> So for now by boss is willing to go the route of specifying the domain
> manually by using the usern...@DOMAINNAME.COM method of user identification.
> Guess that isn't so bad. People will get used to it.
>
> Have a great day.
>
> --
> Jim R
>
>
>
> "David Wang" wrote:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> - Show quoted text -


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com