Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Gerhard Fiedler wrote: > Given what they say here <http://en.wikipedia.org/wiki/NTLM>, it seems that > in my situation, SSPI is using NTLM (authenticating to a server through an > IP address, no AD domain) -- which, it seems, is not considered secure. NTLMv2 is reasonably secure provided it's locked down (disable NTLMv1 completely in group policy.. of course only works if you've not got any Win95/NT4 boxes). By default it sends insecure hashes across the net which makes it trivially easy to sniff and find passwords from. The rub is that we only have NTLMv1 for Unix clients at the moment.. but there are better ways to connect for them anyway). Tony