You should be looking to ask them:

1. What protocol does your web app use for Auth?
2. Does the protocol mentioned above transmit u/p over the wire vs Kerberos tickets?
3. If it does transmit u/p over the wire, how does it secure the creds?
4. Does your app "proxy" auth requests back to the domain, e.g. via LDAP proxy auth?
5. How much "read" access do you need? i.e. read to what attributes?
6. How/where does your app store the u/p creds?
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of John Singler
> Sent: September 19, 2006 1:23 PM
> To: [email protected]
> Subject: [ActiveDir] 3rd party vendor and AD for auth
>
> Greetings -
>
> We have a 3rd party vendor who wants to tie their web app into our AD for authentication and authorization. (This is an app that has already been purchased and is in-house but uses a local db for AAA).
>
> What, specifically, should I be asking them about their application so as to keep our environment in its secure and stable state?
>
> AFAIK, all they have 'asked' for is a U/P with read access to users and groups. Obviously, they aren't getting anything until we work out the details.
>
> Curious as to what other orgs consider when in similar circumstances.
>
> Environment (FWIW):
> Single forest, single domain. All DCs w2k3 SP1, FFL/DFL are w2k3.
>
> tia,
>
> john
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
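Questions 1 to 3 in the reply (which protocol, whether u/p crosses the wire, how it is protected) can be answered from the app's own traffic rather than the vendor's word. The following is an added example, written for this thread and not code from either poster: it decodes the BER structure of an LDAP BindRequest (RFC 4511), tells a simple bind (password as an OCTET STRING) from a SASL bind (e.g. GSSAPI, which carries a Kerberos ticket), and combines that with the transport the PDU was seen on to flag credentials sent in the clear. The service-account DN, password and message IDs are constructed sample values; nothing here is captured from a real directory.

```python
"""Decode LDAP BindRequest PDUs and flag credentials that cross the wire unprotected.

Added example for the vendor questions above; the sample PDUs are constructed
in this file, not captured from any real system.
"""

# --- minimal BER helpers -----------------------------------------------------

def ber_len(n):
    """Encode a BER length in short form (<128) or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(v):
    """Two's-complement INTEGER with the minimum number of bytes."""
    return ber(INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def read_tlv(buf, pos):
    """Read one tag-length-value at pos; return (tag, content, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
AUTH_SIMPLE = 0x80    # AuthenticationChoice simple [0]: password as OCTET STRING
AUTH_SASL = 0xA3      # AuthenticationChoice sasl [3]: SaslCredentials (mechanism, credentials)

# --- encoder, used only to build the constructed samples ---------------------

def encode_bind(message_id, name, simple_password=None, sasl_mechanism=None):
    if simple_password is not None:
        auth = ber(AUTH_SIMPLE, simple_password.encode())
    else:
        auth = ber(AUTH_SASL, ber(OCTET_STRING, sasl_mechanism.encode()))
    bind = ber(BIND_REQUEST, ber_int(3) + ber(OCTET_STRING, name.encode()) + auth)
    return ber(SEQUENCE, ber_int(message_id) + bind)

# --- decoder / classifier -----------------------------------------------------

def inspect_bind(pdu):
    """Return a dict describing the bind: who, which auth choice, password on wire or not."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    message_id = int.from_bytes(mid, "big", signed=True)
    tag, op, _ = read_tlv(msg, pos)
    if tag != BIND_REQUEST:
        return {"message_id": message_id, "op": "not-bind"}
    _, ver, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    tag, auth, _ = read_tlv(op, pos)
    finding = {"message_id": message_id, "op": "bind",
               "version": int.from_bytes(ver, "big"), "name": name.decode()}
    if tag == AUTH_SIMPLE:
        finding["auth"] = "simple"
        finding["password_on_wire"] = len(auth) > 0   # empty password = anonymous bind
    elif tag == AUTH_SASL:
        _, mech, _ = read_tlv(auth, 0)
        finding["auth"] = "sasl"
        finding["mechanism"] = mech.decode()           # e.g. GSSAPI carries a Kerberos ticket
        finding["password_on_wire"] = False
    return finding

def audit(frames):
    """frames: list of (transport, pdu); transport is 'ldap', 'ldaps' or 'starttls'."""
    alerts = []
    for transport, pdu in frames:
        f = inspect_bind(pdu)
        if f.get("op") != "bind" or not f["password_on_wire"]:
            continue
        if transport == "ldap":
            alerts.append(("high", f"cleartext simple bind by {f['name']} over {transport}"))
        else:
            alerts.append(("low", f"simple bind by {f['name']} protected by TLS ({transport}); "
                                  "check certificate validation and where the app stores the password"))
    return alerts

# Constructed sample traffic: a hypothetical service account binding four ways.
SVC = "cn=svc-webapp,ou=Service Accounts,dc=example,dc=com"
SAMPLE_FRAMES = [
    ("ldap", encode_bind(1, SVC, simple_password="Hunter2!")),    # password readable on the wire
    ("ldaps", encode_bind(2, SVC, simple_password="Hunter2!")),   # same bind, inside TLS
    ("ldap", encode_bind(3, "", sasl_mechanism="GSSAPI")),        # Kerberos: no password sent
    ("ldap", encode_bind(4, "", simple_password="")),             # anonymous bind
]

if __name__ == "__main__":
    for severity, msg in audit(SAMPLE_FRAMES):
        print(severity.upper(), msg)
```

Run against a capture taken while the vendor's app logs users in: a simple bind on port 389 without StartTLS answers question 2 with "yes, in the clear", a GSSAPI SASL bind answers it with "no, Kerberos", and a simple bind inside TLS moves the conversation to questions 3 and 6 (certificate validation and how the app stores the service account password).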
