Hi,

to clear things up -

Digest authentication works in the following way - the browser sends a username and a hashed password to IIS - IIS checks this username/password against a domain account - to accomplish this IIS needs access to Active Directory - so IIS has to be a member of the corresponding domain.

Active Directory stores passwords in its domain database (Extensible Storage Engine). Passwords are usually stored in this database using a non-reversible hash. The hash used by digest auth and AD is different. So IIS has to retrieve the user password in clear text to hash it and compare the hash to the data sent by the browser.

A prerequisite for using digest auth is to change AD to use "reversible hashes" - to make it possible for IIS to retrieve clear text. This is a big security issue.

bye
dominick baier
ernw

-----Original Message-----
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Brad Wilson
Sent: Sunday, 28 April 2002 22:59
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Windows authentication and Netscape

Reggie Burnett wrote:
> Digest auth is a web server function. Why in the world would it require a
> domain controller?

IIRC, I believe that digest authentication is tied to an Active Directory. The typical way to get secure logins for non-IE is basic auth inside HTTPS.

Brad

--
Read my web log at http://www.quality.nu/dotnetguy/

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
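Added example, not part of the original thread: the server-side check for HTTP digest authentication (RFC 2617, qop=auth), showing that the response can only be recomputed from MD5(username:realm:password) and not from a stored one-way hash of a different format. The sample values are the ones from RFC 2617 section 3.5; `one_way_verifier` is a hypothetical SHA-256 stand-in for a non-reversible directory hash, not the real Active Directory format.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    """H(A1) from RFC 2617: needs the cleartext password as input."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, f):
    """Response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(f"{ha1_hex}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

def server_verify(secret_hex, method, f):
    """Recompute the response from what the server has stored and compare."""
    return hmac.compare_digest(digest_response(secret_hex, method, f), f["response"])

def one_way_verifier(password):
    """Stand-in for a non-reversible directory hash (assumption: plain
    SHA-256 over UTF-16LE, NOT the real Active Directory format)."""
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()

# Sample exchange from RFC 2617 section 3.5 (not from the original thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
AUTH_FIELDS = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}

def demo():
    # Server that can obtain the password (or H(A1)) reproduces the response.
    with_cleartext = server_verify(ha1(USER, REALM, PASSWORD), "GET", AUTH_FIELDS)
    # Server that holds only a different one-way hash cannot.
    with_other_hash = server_verify(one_way_verifier(PASSWORD), "GET", AUTH_FIELDS)
    return with_cleartext, with_other_hash

if __name__ == "__main__":
    ok, mismatch = demo()
    print("verified from password-derived H(A1):", ok)
    print("verified from a different one-way hash:", mismatch)
```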