When the user ID and password are passed from the desktop to the server, does this use HTTP authentication, Microsoft NT LAN Manager (NTLM) version 2 or Kerberos?
A. The Cisco MeetingPlace Web is setup with Microsoft IIS to use Web authentication (HTTP authentication). It can also be setup with Microsoft IIS to use Windows Integrated authentication. According to Microsoft’s article, Windows Integrated authentication uses Kerberos version 5 and NTLM authentication. The actual protocol it uses depends on the client’s Operating System (OS) platform and whether the client browser supports such protocol. Many customers use the Integrated Microsoft NT authentication method, but it requires additional work from Cisco MeetingPlace Professional Services to create a custom start page to remove the domain name, and to resolve case and username length issues. In all cases, the password is encrypted (shown as a hash in the IIS log), but the user ID is not. However, the encryption used with Web authentication is a well known encryption algorithm and can be easily cracked. For true security, it is best to deploy a secure socket layer (SSL).
