> -----Original Message-----
> From: David Lang [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 17, 2000 10:08 PM
>
> The username definitely goes through in the clear. I assume the
> password goes through using the normal NT hash. Interestingly enough
> it appears that the defender challenge/response does not (the link
> appears to be encrypted by the time that comes up)

And that should be exactly the other way around. Challenge in the
clear (if it has to be), and after successful authentication, session
setup with an encrypted channel, and then NT logon (if the Token
service cannot correlate the two and perform pass-through
authentication).

I'm surprised, though, that the login occurs in clear text. My
SecureICA client even has an option to use 128-bit only during logon.
I have not sniffed the data yet, but will shortly.

Regards,
Frank