Re: AD authentication encryption
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 8 May 2006 23:17:50 -0500
It depends on the flags you use.

AD supports transport level encryption with SSL. This will encrypt all of
the traffic, including the initial bind request.

AD also supports SSPI authentication using the negotiate protocol (Kerberos
or NTLM). Neither of these mechanisms passes plaintext credentials on the
wire. Additionally, a feature of SSPI is that it can be used to encrypt and
sign the network traffic, much like SSL, after the initial authentication is
performed via a bind.

SSL requires a certificate on the DC, so you don't get it by default.
Negotiate auth is supported by AD without any additional configuration, but
you probably can't use it unless you have a Windows LDAP client that
supports SSPI.

The way you enable these settings depends on the API you are using.

Joe K.

"Eddie" <Eddie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:596B7D48-0378-4A72-86BD-C669DBFF706D@xxxxxxxxxxxxxxxx
Does anyone know what kind of encryption Windows 2003 uses to communicate
between client and AD, and between AD and AD, for authentication? Thanks for the help.