store password using reversible encryption

[Lin]

if the password policy is config with "store password
using reversible encryption"
is it that user account must be config with " change
password at next logon"?


what kind of application ( any example) require the
setting of "store password using reversible encryption"?

 

[Steven Umbach]

The user password will not be stored in reversible encryption until they
change there password. There should be little reason to use this option and it
is a big security risk as passwords are not stored securely. It would need to be
used if Chap was used for remote access authentication or IIS is configured to
use digest authentication. You would want to avoid ever having to do this,
especially at a domain level. --- Steve

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/w
inxppro/proddocs/505.asp

 

[Lin]

this mean to say chap and digest authentication shouldnt
be use if they have to come with "store password using
reversible encryption"?

-----Original Message-----
The user password will not be stored in

reversible encryption until they

 

[Steven Umbach]

It is a requirement that store password with reversible encryption be
enabled for any accounts that would authenticate via chap or digest
authentication which is a big security risk. Something to keep in mind for
anyone needing to use those two methods of authentication. --- Steve

 

[Lin]

thanks Steve

-----Original Message-----
It is a requirement that store password with reversible encryption be
enabled for any accounts that would authenticate via chap or digest
authentication which is a big security risk. Something to keep in mind for
anyone needing to use those two methods of authentication. --- Steve




.