How does GMS Webmail transmit and validate passwords when SAM users log on?

Question

How does GMS Webmail transmit and validate passwords when SAM users log on?

Answer

Let's consider the path the password takes, from being typed by the user all the way to Windows authentication.

  • Keyboard to Web browser: To verify this is secure, check that (a) no one is watching; and (b) there is no key-grabbing software installed.
  • Web browser to GMS Webmail Server: There are two levels of encryption available:
    1. Each password is "weak encrypted" by the Java Applet before it is transferred to GMS Webmail.
    2. If HTTPS is in use, a further level of encryption is provided by the Secure Sockets Layer. To obtain a key to allow HTTPS to be installed on GMS Webmail, please contact Gordano Sales.
  • GMS Webmail Server to Windows: GMS Webmail will decrypt the password and pass it as plain text to the Microsoft Windows API. The Microsoft authentication system provides a "good" or "bad" response, which GMS Webmail uses to accept or deny the user.

    Gordano has no control of the password once it has been passed to the Microsoft authentication layer. Please refer to Microsoft documentation to identify the security in place for communication between PDCs, BDCs, different OS versions, etc.

Keywords: SAM ntdatabase password security