Replace NTLM authentication with Kerberos


Rohan Power

Hi ClickStudios,

 

Due to the insecurities of NTLM, we are considering removing the NTLM authentication method from our PS IIS site. We currently are directed to the PasswordState logon page, but are in the process of configuring it for SSO.

Do you have a recommendation when it comes to using NTLM vs. Kerberos as the default Windows Authentication method on the PasswordState IIS site? And would you recommend setting up a dedicated service account and configuring the PasswordState app-pools to run as this account?

 

Kind regards.


Hi Rohan,

 

I've just done some testing on this, by adding 'Negotiate:Kerberos' as the preferred authentication provider for the 'Windows Authentication' in IIS, and it appears to be working fine - although you do need to first disable 'Enable Kernel-mode authentication'. So there should be no issues if you'd prefer to use Kerberos.

We do have some instructions for configuring the IIS Application Pools using an MSA account, and you can find this in our installation manual if this is something you would like to explore also - https://www.clickstudios.com.au/downloads/version8/Installation_Instructions.pdf

Regards

Click Studios
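
The IIS change described in the reply above, scripted with the WebAdministration module. This is an added example, not from Click Studios or the installation manual, and the site name `Passwordstate` is an assumption to replace with your own IIS site name.

```powershell
# Added example: run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$site     = 'Passwordstate'            # hypothetical site name (assumption)
$psPath   = 'MACHINE/WEBROOT/APPHOST'  # windowsAuthentication is locked at applicationHost level by default
$filter   = 'system.webServer/security/authentication/windowsAuthentication'
$provider = 'Negotiate:Kerberos'

function Get-WinAuthState {
    # Report the effective Windows Authentication settings for the site.
    $providers = (Get-WebConfiguration -PSPath $psPath -Location $site -Filter "$filter/providers").Collection |
        ForEach-Object { $_.value }
    [pscustomobject]@{
        Enabled       = (Get-WebConfigurationProperty -PSPath $psPath -Location $site -Filter $filter -Name 'enabled').Value
        UseKernelMode = (Get-WebConfigurationProperty -PSPath $psPath -Location $site -Filter $filter -Name 'useKernelMode').Value
        Providers     = @($providers)   # order matters: the first provider is offered first
    }
}

'Before:'
Get-WinAuthState | Format-List

# Step 1: disable 'Enable Kernel-mode authentication', as the reply says is required first.
Set-WebConfigurationProperty -PSPath $psPath -Location $site -Filter $filter `
    -Name 'useKernelMode' -Value $false

# Step 2: make Negotiate:Kerberos the first (preferred) provider.
# If it is already listed further down, remove it so it can be re-added at index 0.
if ($provider -in (Get-WinAuthState).Providers) {
    Remove-WebConfigurationProperty -PSPath $psPath -Location $site -Filter "$filter/providers" `
        -Name '.' -AtElement @{ value = $provider }
}
Add-WebConfigurationProperty -PSPath $psPath -Location $site -Filter "$filter/providers" `
    -Name '.' -Value @{ value = $provider } -AtIndex 0

'After:'
$state = Get-WinAuthState
$state | Format-List

# Step 3: flag anything that still allows a fallback to NTLM so it can be reviewed.
$fallback = $state.Providers | Where-Object { $_ -in 'NTLM', 'Negotiate' }
if ($fallback) {
    Write-Warning "Providers that can still negotiate NTLM: $($fallback -join ', ')"
}
```

With kernel-mode authentication disabled, IIS decrypts Kerberos tickets as the application pool identity, so the HTTP SPN for the site's host name has to be registered to that account.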


Archived

This topic is now archived and is closed to further replies.
