Gary in a Strict Active Directory environment then as far as I know the
CGI.AUTH_USER variable will always be available as long as the user remains
logged in. In my experience thus far I have not seen a flaw in this system,
except when the user logs in using a local system account rather than an AD
domain account, in which case sometimes the variable will be NULL.

When using this system its raelly as secure as the workstation is. So as
long as that user is logged into their workstation then they will be
automatically authenticated through the intranet system by means of a lookup
security table which means their AD domain account to a custom security
account. If someone else happens to jump onto their machine while they are
on the dunny and therefore gains access to the intranet, then this raises
bigger questions and also means that the user's entire system has been
breached.

Phil




"Gary Menzel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> NBTSTAT does work and is "secure" (at least in one domain - I have never
> used it in more than one).  The only problem will be if the organisation
> does not have a SOE (Standard Operating Environment) and you may end up
> with NBSTAT reports that dont contain the information you need or you may
> have a mess finding out the correct ID of the logged in user.
>
> I wonder if people missed what is being asked here.....
>
> He wants to be able to authenticate someone WITHOUT having to have them
> supply any other authentication (ie. the grey popup box).  Not all
> networks provide the CGI authentication variables.  NBTSTAT is a
> reasonably reliable alternative - and you can get people to authenticate
> if you can't do it via NBTSTAT.
>
> In terms of authenticating across two domains - you can probably sort the
> domains out by the IP address (even if they are dynamically alllocated)
> because they would still have to be in a range.
>
> We attempted to use Active Directory with LDAP in the same environment and
> the problem was that the LDAP information was not acurrately maintained in
> the AD environment.
>
> Regards,
> Gary Menzel
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 27/01/2003



---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MX Downunder AsiaPac DevCon - http://mxdu.com/

Reply via email to