-----BEGIN PGP SIGNED MESSAGE-----
I just found that the client that citrix had me install on my linux box
was not the secure one (after we told them to turn on the feature to force
128 bit encryption it failed and they said 'oops' :-) as soon as I get the
secure client I will check it again.
David Lang
On Mon, 17 Jul 2000, Frank Knobbe
wrote:
> Date: Mon, 17 Jul 2000 22:26:37 -0500
> From: Frank Knobbe <[EMAIL PROTECTED]>
> To: 'David Lang' <[EMAIL PROTECTED]>
> Cc: "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
> Subject: RE: Citrx Metaframe/NT4-TSE
>
> > -----Original Message-----
> > From: David Lang [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, July 17, 2000 10:08 PM
> >
> > The username definantly goes through in the clear. I assume
> > the password
> > goes through using the normal NT hash. Interestingly enough it
> > appears that the defender challange/response does not (the link
> > appears to be encrypted by the time that comes up)
>
> And that should exactly be the other way around. Challenge in the
> clear (if it has to be), and after successful authentication, session
> setup with an encrypted channel, and then NT logon (if the Token
> service can not correlate the two and perform pass-through
> authentication).
>
> I'm surprised, though, that the login occurs in clear text. My
> SecureICA client has even an option to use 128bit only during logon.
> I have not sniffed the data yet, but will shortly.
>
> Regards,
> Frank
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
iQEVAwUBOXSRcT7msCGEppcbAQFaUwf7BaV2b/aVGFpMUjfUwLYEbSVOfgQS+3cQ
LCnnsef+YoO8RMlOB4j1gDpzq1bGhdwEDDwH8J+ZaqCQ0bZkEwJTkQDD+x8Tq8SP
0PD1mBqsP7Ub7PK+zcBDSLDLcxEYlIWUFWCwUZgKRgAWp4iKRG4uDlh2v2INXhVu
JHbA3zfRg64izpyjYZt/f53ZrHQJARFYpcS2y5KE/rxyA/zdRFtHwp5T1+2JzIBM
0T8822Hf52xkLOPgMdcfbRValrhTtJv/eWYrXNew1o6H3nzeP+kmgR7OimKLavY4
f5yQ/T8LpAepxZoUsHDSwFK2M1q+kvCBT7vXB1baaRpXJqG+P19Y0w==
=5AKm
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
