This is how RadiusNt does it.. I made a CFapp to do it a while back for a ISP. ----- Original Message ----- From: "Justin Buist" <[EMAIL PROTECTED]> To: "CF-Server" <[EMAIL PROTECTED]> Sent: Saturday, November 10, 2001 6:39 PM Subject: RE: Remote NT Authentication
> > I don't think this is possible. I don't think that you're programmatically > > allowed to retrieve passwords from the NT user database. You could turn this > > on its head, and have your users change their NT passwords through a CF > > application, which could then write the entries to a database in addition to > > writing the changes to the NT user database. From a security perspective, > > this has its own problems, of course. > > > > Dave Watts, CTO, Fig Leaf Software > > You are correct, you cannot retreive passwords from an NT database but you > -can- (never done it..but you can I'm sure) retreive the encrypted > password, just like in Unix. From there you can collect the password from > the user in CF, encrypt it using the same algorithm that NT uses and > compare the stored values. This is really how all password schemes should > work but in practice a fair amount of developers will store the > unencrypted password and just compare that. Yes, I am personally guilty > of building such systems. > > Justin Buist > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the mailserver that powers this list at http://www.coolfusion.com ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
