[cvsnt] RH Linux ES4 Client recommended protocols?
tony.hoyle at march-hare.com
Thu May 10 17:15:53 BST 2007
Gerhard Fiedler wrote:
> Given what they say here <http://en.wikipedia.org/wiki/NTLM>, it seems that
> in my situation, SSPI is using NTLM (authenticating to a server through an
> IP address, no AD domain) -- which, it seems, is not considered secure.
NTLMv2 is reasonably secure provided it's locked down (disable NTLMv1
completely in group policy.. of course only works if you've not got any
Win95/NT4 boxes). By default it sends insecure hashes across the net
which makes it trivially easy to sniff and find passwords from.
The rub is that we only have NTLMv1 for Unix clients at the moment.. but
there are better ways to connect for them anyway).
More information about the cvsnt