-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: David Lang [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 17, 2000 9:34 PM
>
> what happens is that when you connect to the citrix server
> you first get a
> window propmting you for your NT username/password/domain,
> and then are
> presented with a window giveing the challange for your token. when
> you enter the correct response you then are connected.
Hmm... sounds strange. You should be able to logon with the username
and the challenge _instead_ of the NT password, not in addition.
Especially not after you already had to enter your NT password.
How does the system respond if you try to login with a valid user ID
and domain, but an invalid password? Is there a risk for an account
lockout attack?
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOXPNU0RKym0LjhFcEQJYpACgtM5j34McnAqiMowpMpHNf3fl5s4An0Pt
lQS5XOfbSJPR6PARKgYMrIwk
=quCb
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
