[Typo3-dev] S: Sponsoring Windows authentification in TYPO3
Hans J. Martin
hans-jakob.martin at gmx.net
Tue Aug 31 14:08:01 CEST 2004
> Yes, you're right. This is why the extension is set to experimental. See
> this just as an example of how to get the browser to send the ntlm
packets.
> Moreover there is no need to sniff the packets - just logon in windows
with
> an existing FE_user and any password and you're in...
..but in a 'secure' environment, e.g. your company, you might have
restriction which might make this extension usefull as is: Think about
locking up all ports on the switches to the mac-addresses, roll out a policy
to the clients to force them to log in and authenticate with an auth-server
(disallow 'workstation logins' for non admin) and maybe restrict access to
the sso-page via a proxy which also authenticates the user.
Of course if you still have an employee called 'Mallory' (Bert for you) he
can certainly try to sniff you network, but there will be a lot of effort to
finally log in the system.
(And thinking of the 'normal' fe-login box, including forms for changing
passwords and so on this might all be needed under any circumstances...).
More information about the TYPO3-dev
mailing list