Following on from that, the only information you can get from NT is the
usercode of the person who is logged in and in which domain. If you
integrate your security with NT's, then you will have to query NT's security
to retrieve the above 2 pieces of information, and match it against your
list of users - and implicitly trust that NT has correctly authenticated the
user, therefore it is important to use the domain information. If you need
to call another program passing in the password, you've got to store the
password separately. BTW, you can query NT to see if a
domain/usercode/password combination is valid.
Regards,
Dennis.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Nic Wise
> Sent: Tuesday, 6 June 2000 14:06
> To: Multiple recipients of list delphi
> Subject: RE: [DUG]: one time authentication
>
>
> NT's security uses a one-way hash, similar, if not actually,
> MD5. Basically,
> there is NO WAY to reverse it - the only way to crack it is
> to go thru a
> dictionary and encrypt each one, then test the encrypted results.
>
> Unix is the same, but it uses 3des (des, then des again, then
> des AGAIN)
>
> NT's NTLM authentication works 'cos the workstation has the
> password, or
> atleast the hash of it, as does the server - it sends that
> hash over the
> wire, based on the username I think, so the username /
> password combination
> never gets sent - just the username and the one-way hash.
>
> Make sense???
>
> :)
>
> N
> --
> Nic Wise - 021.676.418 / [EMAIL PROTECTED] /
> Inprise/Borland New Zealand
> Is it not a foolish man, said little Woo, who keeps all his
> chickens in his
> trousers?
> For at best, will he not suffocate his chickens, and, and
> worst, will he not
> disappoint the ladies in the village? --Alexi Sayle
>
>
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On
> Behalf Of Peter Hyde
> Sent: Tuesday, 6 June 2000 10:49
> To: Multiple recipients of list delphi
> Subject: Re: [DUG]: one time authentication
>
>
> Philip wrote:
>
> > Hmmm, I can see how to get hold of the user's name easily
> enough. But what
> > about the password? and what format is the password in?
>
> I was afraid you'd ask that. About two minutes after sending off
> the "sure you can read the registry" answer, it occurred to me
> that you may not have previously confirmed that the data is,
> indeed, findable and decipherable in the registry, even if you can
> read the keys themselves.
>
> No immediate answer springs to mind -- NT security may be tight
> enough to render it very difficult to decode what you're after, but
> someone else may have a more informed answer.
>
>
> cheers,
> peter
>
> ============================================
> Peter Hyde, WebCentre and SPIS, Christchurch, New Zealand
> * Web automation for online periodicals: http://TurboPress.com
> * TurboNote: http://TurboPress.com/tbnote.htm
> -- small, FREE and very handy
> ------------------------------------------------------------------
> ---------
> New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
> Website: http://www.delphi.org.nz
>
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
