Security Model

To provide secure access to an LDAP server, the LDAP v.3 protocol allows the use of Simple Authentication and Security Layer (SASL) mechanisms. Active Directory confirms the LDAP v.3 requirements and, therefore, supports SASL mechanisms, which include Kerberos version 5 and MS Negotiate (on Windows 2000). The supported-SASLMechanisms attribute of the RootDSE object stored on every Active Directory server (a domain controller running on Windows 2000 or Windows .NET) contains two values: GSSAPI and GSS-SPNEGO. GSSAPI means Kerberos, and GSS-SPNEGO stands for NT Negotiate (Kerberos, NT LAN Manager (NTLM), etc.). Windows .NET-based domain controllers also support two other SASL mechanisms: EXTERNAL and DIGEST-MD5.

Windows  .NET Domains & Active Directory
Windows .NET Server 2003 Domains & Active Directory
ISBN: 1931769001
EAN: 2147483647
Year: 2002
Pages: 154 © 2008-2017.
If you may any questions please contact us: