And a clear-text copy of the requesting user's password must be stored in Active Directory.
Willy.

----- Original Message -----
From: "Dominick Baier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 10:10 PM
Subject: [DOTNET] AW: [DOTNET] Windows authentication and Netscape

> digest authentication will only work
> for IIS installed on a domain controller
>
> Hi,
> that's not right - IIS has to be a domain member - not controller - however
> you have to specify "use reversible hash" in Active Directory which poses a
> possible security risk.
>
> greets
> dominick baier
> ernw
>
> -----Original Message-----
> From: dotnet discussion [mailto:[EMAIL PROTECTED]] On behalf of
> Henk de Koning
> Sent: Friday, April 26, 2002 20:50
> To: [EMAIL PROTECTED]
> Subject: Re: [DOTNET] Windows authentication and Netscape
>
>
> > Basic Authentication is cleartext,
>
> But can be secured on the channel level (e.g. using https). Assuming you
> periodically change your passwords this is good enough most of the times.
>
> > Digest is cryptographically secure,
>
> IIRC.
>
> It does a challenge/response. However, digest authentication will only work
> for IIS installed on a domain controller (of all things ...). Most people
> consider opening up their domain controllers to the internet a bad thing
> (although it is getting increasingly trendy to proxy the internal webserver
> out on the internet).
>
> -- Henkk
>
> You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
> subscribe to other DevelopMentor lists at http://discuss.develop.com.
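
Why the digest challenge/response discussed in this thread forces the server to hold a recoverable password, as an added example (not code from any poster or from IIS): it computes the RFC 2617 response (MD5, qop=auth) with the sample values from that RFC's worked example. Function names and the salted-hash store are illustrative assumptions.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1_from_password(username, realm, password):
    # HA1 binds user, realm and the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, f):
    # RFC 2617 request-digest for qop=auth.
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

def server_verify(stored_password, username, realm, method, f):
    # The server must rebuild HA1, so it needs the password itself
    # (or HA1, which is just as usable by anyone who steals it).
    ha1 = ha1_from_password(username, realm, stored_password)
    return hmac.compare_digest(digest_response(ha1, method, f), f["response"])

def verify_with_salted_hash(salt, salted_hash, username, realm, method, f):
    # Hypothetical store holding only sha256(salt + password): the password
    # cannot be recovered, so the best the server can do is feed the hash in
    # as the secret, and that never matches what the client computed.
    ha1 = ha1_from_password(username, realm, salted_hash)
    return hmac.compare_digest(digest_response(ha1, method, f), f["response"])

# Sample values from the RFC 2617 section 3.5 example (not real credentials).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
FIELDS = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
}
# Client side: answer the challenge using the typed password.
FIELDS["response"] = digest_response(
    ha1_from_password(USER, REALM, PASSWORD), "GET", FIELDS)

if __name__ == "__main__":
    salt = "constructed-salt"
    hashed = hashlib.sha256((salt + PASSWORD).encode()).hexdigest()
    print("client response:     ", FIELDS["response"])
    print("cleartext store ok:  ", server_verify(PASSWORD, USER, REALM, "GET", FIELDS))
    print("salted-hash store ok:", verify_with_salted_hash(salt, hashed, USER, REALM, "GET", FIELDS))
```
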