Hi,

I'm not aware of the changes to IIS 5.1 (shame on me ;-)

but

IIS 5.0 does NOT need to run on a DC either.

bye
dominick baier
ernw

-----Original Message-----
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On behalf of John Lam
Sent: Monday, April 29, 2002 00:21
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] AW: [DOTNET] Windows authentication and Netscape -
How Digest Auth works


This is only true in pre-XP implementations. In Windows XP, Digest
Authentication is implemented as a Security Support Provider (SSP).
Under XP, the IIS 5.1 web server does not need to run on a DC (actually
you can't since that's a server function, and Windows .NET Server isn't
released yet).

-John
http://www.iunknown.com


-----Original Message-----
From: Dominick Baier [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 28, 2002 5:34 PM
To: [EMAIL PROTECTED]
Subject: [DOTNET] AW: [DOTNET] Windows authentication and Netscape - How
Digest Auth works

Hi,

to clear things up -

digest authentication works in the following way -

the browser sends a username and a hashed password to IIS - IIS checks
this username/password against a domain account - to accomplish this IIS
needs access to Active Directory - so IIS has to be a member of the
corresponding domain.

Active Directory stores passwords in its domain database (extensible
storage engine). Passwords are usually stored in this database using a
non-reversible hash.

The hash used by digest auth and AD is different.

So IIS has to retrieve the user-password in clear text to hash it and
compare the hash to the data sent by the browser.

A prerequisite for using digest auth is to change AD to use "reversible
hashes" - to make it possible for IIS to retrieve clear text.

This is a big security issue.

bye
dominick baier
ernw

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
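
The digest check described in the thread above, as an added example that is not part of the original messages. It computes the RFC 2617 response (algorithm MD5, qop=auth) and shows that the server can verify it only from the cleartext password or the digest-specific MD5(username:realm:password) value, not from an unrelated one-way hash. The request values are the worked example from RFC 2617 section 3.5; the SHA-256 value is a labelled stand-in for a directory's non-reversible hash, not Active Directory's actual storage format.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1_from_password(username: str, realm: str, password: str) -> str:
    # H(A1) = MD5(username:realm:password); needs the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # response = MD5(H(A1):nonce:nc:cnonce:qop:H(A2)), H(A2) = MD5(method:uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored: str, stored_is_cleartext: bool, req: dict) -> bool:
    # The server recomputes the response from what it has stored and
    # compares it in constant time with what the browser sent.
    if stored_is_cleartext:
        ha1 = ha1_from_password(req["username"], req["realm"], stored)
    else:
        ha1 = stored  # treated as a precomputed H(A1)
    expected = digest_response(ha1, req["method"], req["uri"],
                               req["nonce"], req["nc"], req["cnonce"])
    return hmac.compare_digest(expected, req["response"])


# Request fields taken from the example in RFC 2617 section 3.5.
REQ = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "method": "GET", "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}
PASSWORD = "Circle Of Life"  # password from the same RFC example


def demo():
    ok_cleartext = server_verify(PASSWORD, True, REQ)
    # Assumption: SHA-256 stands in for a non-reversible directory hash.
    other_hash = hashlib.sha256(PASSWORD.encode("utf-8")).hexdigest()
    ok_other_hash = server_verify(other_hash, False, REQ)
    return ok_cleartext, ok_other_hash


if __name__ == "__main__":
    print(demo())
```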
