Re: How secure is Digest Mode compared to Integrated Authenticatio
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Re: How secure is Digest Mode compared to Integrated Authenticatio




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Re: How secure is Digest Mode compared to Integrated Authenticatio  
David Wang


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
01-31-07 12:23 AM

Secure authentication protocols like Integrated does not support
DefaultLogonDomain. Why? Because the protocol never passes username/
password to IIS, meaning IIS cannot choose the DefaultLogonDomain to
logon the username.

Editing the metabase, like the Registry, is not meant for most users.
ONe will need at least the following info:
- built-in tools like ADSUTIL.VBS ( http://msdn.microsoft.com/library/
default.asp?url=/library/en-us/iissdk/html/5e7f8cde-4a01-42bd-acaf-
f8f7d091ef7c.asp )
- tools like MBExplorer which makes editing the metabase easy ( http://
www.microsoft.com/downloads/details...92ee-a71a-4c73-
b628-ade629c89499&DisplayLang=en )
- documentation on MSDN detailing what every property means ( http://
msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/
bb9c0d25-d003-4ddd-8adb-8662de0a24ee.asp )

I believe making users specify username@domain.com is pretty
reasonable, especially if it also corresponds to their email address.
I believe that getting used to specifying one's domain is critical --
how else do you distinguish between all the Davids in the world if
they all got used to logging in with their name on all the systems in
the world? We live in a connected, global society.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Jan 30, 5:08 am, K12-Jammer <K12Jam...@discussions.microsoft.com>
wrote:
> I agree that Integrated is the way to go.   I believe that I could do this
> using the metabase property DefaultLogonDomain but haven't been able to
> figure out how to actually do that.  Documentation on editing the metabase
> seems hard to find and everytime I bring it up somewhere people ask about
> other things that don't seem relevant.
>
> So for now by boss is willing to go the route of specifying the domain
> manually by using the usern...@DOMAINNAME.COM method of user identificatio
n.
> Guess that isn't so bad.  People will get used to it.
>
> Have a great day.
>
> --
> Jim R
>
>
>
> "David Wang" wrote: 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
> - Show quoted text -




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 12:13 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register