Well, what of these check boxes does need to be checked (default website and
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:eByLf02JEHA.3728@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> a) Anonymous access won't work. The user needs to authenticate in order to
> get to their mailbox :-)
>
> b) Intergrated Windows Auth offers two auth mechanisms:
> NTLM v2 (for older clients - pre IE v5. It is also supported by Moz
> v1.4+)
> Kerberos (which is supported by IE v5+)
>
> NTLM v2 doesn't work through most proxy servers (because it requires
> some backwards and forwards to auth the user, and it requires the
connection
> to be kept open)
> Kerberos does not work through most firewalls, because the client
needs
> to contact the KDC (Domain Controllers in the Windows world) to get a
> Kerberos ticket. And most firewalls don't allow clients on the untrusted
> side access to the DCs on the other side.
>
> So, IWA is not suitable for some internet facing scenarios.
>
> Basic Auth is supported by all browsers (part of the HTTP/1.1 spec) *BUT*
> username/password is not encrypted across the wire, so you need to use SSL
> to secure the site.
>
> An alternative to Basic Auth is Digest Authentication, which is supported
by
> IE v5+, Moz v1.0.1+, Opera v4+ etc. Digest Auth hashes the user password,
so
> it can't be stolen just be intercepting requests. Digest Auth does require
> that user passwords be stored using Reversible Encryption on the DC. If
you
> have a Windows 2003 Domain, then you also have the option of Advanced
Digest
> Auth, but you seem to be using Ex2000, so I suspect you do not have
Windows
> 2003 Domian.
>
> Does this help at all?
>
> Cheers
> Ken
>
>
> "Peter" <Peter.nospam@news.com> wrote in message
> news:Osu83s2JEHA.620@tk2msftngp13.phx.gbl...
> : Configuring Exchange 2000 OWA/Windows 2000 IIS i can do a lot of
> : configurations.
> : Regarding Authentication I can set the "Anonymous", "Basic" and
> "Integrated"
> : security option on both the "Default Web Site" and the "Exchange site".
> : Having exchange on the same server as the IIS and the DCs on other
> servers,
> : what of these settings needs to be set for highest security when
accessing
> : OWA from the internet?
> :
> : I have enabled the "Basic" and set the domain to the right domain name
for
> : both Default web site and the exchange site but what about anonymous and
> : integrated? Does any of these need to be set so that things will work
or?
> :
> : I really need some input on this matter.
> :
> : Thanks!
> :
> :
>
>
