[cvsnt] RH Linux ES4 Client recommended protocols?
Gerhard Fiedler
lists at connectionbrazil.com
Thu May 10 00:48:39 BST 2007
Glen Starrett wrote:
> Protocols recommendations are near the bottom of this page:
> http://march-hare.com/cvspro/security.htm
Glen, I have a question about a comment there. It says about sspi:
"SSPI is also considered secure provided that Active Directory is set to
enable kerberos authentication only (ie NTLM disabled)."
I don't use AD; I just run a Win2k Pro server with (so far) only Windows
clients, using the SSPI protocol. Considering earlier discussions here on
the group I thought this was secure...
Given what they say here <http://en.wikipedia.org/wiki/NTLM>, it seems that
in my situation, SSPI is using NTLM (authenticating to a server through an
IP address, no AD domain) -- which, it seems, is not considered secure.
Should I worry? Is there anything I can do (short of using sserver)?
Thanks,
Gerhard
More information about the cvsnt
mailing list