
Win Integ Auth, dilemma on 'pop up' generated by SSL cert

June 2, 2005 8:51:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Here is the problem:
I must publish a Sharepoint site on the Internet (using ISA 2004). At the
same time I must make such sharepoint site available for the internal users
as well.
My question is this, assuming I don't have any sensitive information on this
site, do you agree that it should be OK if I require Windows Integrated
Authentication and do not use SSL ?

The reason is this, if I make the thing work with SSL, for the external
users that will be alright because the name of the FQDN domain name should
match the certificate name installed on the server.
However, for users accessing the site from the internal network, that would
generate a pop up to warn certificates don't match.

Please confirm implications of using Win Integrated Authentication only
instead of SSL (Internet use). From my understanding that should be secure
enough, but I would like to confirm.
Anonymous
June 3, 2005 12:03:33 AM


In article <ewYoy38ZFHA.228@TK2MSFTNGP12.phx.gbl>, in the
microsoft.public.win2000.security news group, Magoo
<nospammagoo@hotmail.com> says...


>
> Please confirm implications of using Win Integrated Authentication only
> instead of SSL (Internet use). From my understanding that should be secure
> enough, but I would like to confirm.
>

Secure over the Internet? You realize that without SSL all of the data
transferred will be in clear text?
You could always terminate the SSL connection at the ISA server.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
June 3, 2005 12:03:34 AM


Username/password credentials used during the authentication process should
be protected by Kerberos or NTLM when using Windows Integrated. Am I wrong?


"Paul Adare" <padare@newsguy.com> wrote in message
news:MPG.1d09686336fb460c989da0@msnews.microsoft.com...
> In article <ewYoy38ZFHA.228@TK2MSFTNGP12.phx.gbl>, in the
> microsoft.public.win2000.security news group, Magoo
> <nospammagoo@hotmail.com> says...
>
>
>>
>> Please confirm implications of using Win Integrated Authentication only
>> instead of SSL (Internet use). From my understanding that should be secure
>> enough, but I would like to confirm.
>>
>
> Secure over the Internet? You realize that without SSL all of the data
> transferred will be in clear text?
> You could always terminate the SSL connection at the ISA server.
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca/blogs/paul/
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea
June 3, 2005 12:03:35 AM


Ah, and your idea should address my problem. I terminate the SSL on the
ISA, so that internal users don't get the certificate-don't-match warning.
"Magoo" <nospammagoo@hotmail.com> wrote in message
news:eizHRH9ZFHA.3132@TK2MSFTNGP09.phx.gbl...
> Username/password credentials used during the authentication process
> should be protected by Kerberos or NTLM when using Windows Integrated. Am
> I wrong?
>
>
> "Paul Adare" <padare@newsguy.com> wrote in message
> news:MPG.1d09686336fb460c989da0@msnews.microsoft.com...
>> In article <ewYoy38ZFHA.228@TK2MSFTNGP12.phx.gbl>, in the
>> microsoft.public.win2000.security news group, Magoo
>> <nospammagoo@hotmail.com> says...
>>
>>
>>>
>>> Please confirm implications of using Win Integrated Authentication only
>>> instead of SSL (Internet use). From my understanding that should be secure
>>> enough, but I would like to confirm.
>>>
>>
>> Secure over the Internet? You realize that without SSL all of the data
>> transferred will be in clear text?
>> You could always terminate the SSL connection at the ISA server.
>>
>> --
>> Paul Adare
>> MVP - Windows - Virtual Machine
>> http://www.identit.ca/blogs/paul/
>> "The English language, complete with irony, satire, and sarcasm, has
>> survived for centuries without smileys. Only the new crop of modern
>> computer geeks finds it impossible to detect a joke that is not clearly
>> labeled as such."
>> Ray Shea
>
>
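
An added illustration, not part of any post in this thread, of the distinction the replies turn on: over plain HTTP the NTLM handshake shows up on the wire only as negotiate/challenge/authenticate tokens, while the page data that follows is readable as-is. The host name, page content and the truncated NTLM tokens are constructed for the example.

```python
import base64
import struct

NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def ntlm_token(msg_type):
    """Build a minimal constructed NTLMSSP token: signature + type + padding."""
    raw = b"NTLMSSP\x00" + struct.pack("<I", msg_type) + b"\x00" * 20
    return base64.b64encode(raw).decode("ascii")

def describe_auth(value):
    """Describe an Authorization / WWW-Authenticate value as seen on the wire."""
    scheme, _, blob = value.partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        return scheme  # other schemes (e.g. Negotiate) are left opaque here
    raw = base64.b64decode(blob)
    if raw[:8] != b"NTLMSSP\x00" or len(raw) < 12:
        return "NTLM (malformed)"
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian type field
    return "NTLM " + NTLM_TYPES.get(msg_type, "unknown")

def observer_view(messages):
    """Return (auth steps, readable bodies) for plaintext HTTP messages."""
    steps, bodies = [], []
    for msg in messages:
        head, _, body = msg.partition("\r\n\r\n")
        for line in head.split("\r\n")[1:]:  # skip request/status line
            name, _, value = line.partition(":")
            if name.strip().lower() in ("authorization", "www-authenticate"):
                steps.append(describe_auth(value.strip()))
        if body:
            bodies.append(body)
    return steps, bodies

# Constructed exchange over http:// (no SSL); host and page content are made up.
HOST = "Host: sharepoint.example.test\r\n"
MESSAGES = [
    "GET /default.aspx HTTP/1.1\r\n" + HOST + "Authorization: NTLM " + ntlm_token(1) + "\r\n\r\n",
    "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM " + ntlm_token(2) + "\r\n\r\n",
    "GET /default.aspx HTTP/1.1\r\n" + HOST + "Authorization: NTLM " + ntlm_token(3) + "\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Team calendar: offsite on the 14th</html>",
]

if __name__ == "__main__":
    steps, bodies = observer_view(MESSAGES)
    print("auth steps visible:", steps)
    print("page data visible:", bodies)
```

Terminating SSL at the ISA server, as suggested in the thread, puts both the handshake and the page data inside the encrypted channel for the Internet leg.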