Home    Forums    Feature Requests    Beta Issues    SysAid Resources    Documentation    Support    Do It Yourself
Hello Guest,  Login   
        
DOWNLOAD FREE EDITION
    
     Recent Topics    Hottest Topics    Online Members    Member Listing    Advanced Search
LM Authentication is unsecure... is NTLMv2 an option?  XML
Forum Index » SysAid Integration
 
Author Message
CalebR
SysAider

SysAider from release 7.5 United States
Joined: 13/04/2012
Messages: 3
Offline

Greetings,
We are installing SysAid and wanted to use SSO, but the instructions state that LM authentication is required:

If SSO is still not enabled after following the above instructions, there is an additional change that must be made in the Domain Controller Security Settings for each of your computers. Open Local Policies\Security Options and then set the Network Security --> LAN Manager Authentication Level to LM and NTLM responses. Test this change on one computer, and if it works, make this change for all of your computers using a group policy.

Since using LM and the older version of NTLM creates a serious security vulnerability, I am hoping there is an alternative. NTLMv2 or Kerberos should be the only authentication protocols used.

If SysAid can use NTLMv2 so we can use the SSO feature, but if it requires the unsecure NTLM, or especially LM authentication, we cannot permit it as these protocols are trivial to compromise.

Thank you

Also see:
http://www.windowsecurity.com/articles/Protect-Weak-Authentication-Protocols-Passwords.html
http://support.microsoft.com/kb/147706
http://www.windowsecurity.com/articles/What-You-Dont-Know-Can-Hurt-You-LAN-Manager-Might-Be-Supported.html
alep71
SysAider


SysAider from release 7.5 Italy Pathfinder
Joined: 31/03/2011
Messages: 11
Offline

Hello,
in my opinion the only way you can avoid using NTLMv1 authentication in SSO is using a IIS as a frontend proxy.

Regards
Shai Nissan
SysAid Customer Relations

Joined: 13/06/2011
Messages: 17
Offline

Hi CalebR ,

This issue require investigation.
If you still don't have a solution for this, please contact helpdesk@sysaid.com.

Thanks,

Shai
raowen
SysAider


SysAider from release 7.5 United States
Joined: 30/12/2010
Messages: 26
Offline

Was there ever a fix for this? Does version 9 resolve this issue or does it still exist.
Lior
SysAid R&D


Meet me in Vegas - SysAid technology Conference - 28-30/4/2010
Joined: 03/01/2008
Messages: 192
Offline

Kerberos SSO was added in 9.0.
Forum Index » SysAid Integration
Go to:   
Help Desk Software
Free Help Desk Software
Free Asset Management Software
SysAid Helpdesk Software
Web Based Help Desk Software
SysAid Help Desk Forum
General IT Discussion Forum
SysAid CSS Customer Service Software
Customer Support Software
   SysAid Technologies Ltd.
   Toll-Free phone center (U.S.): 1-800-686-7047
   Offices - U.S.617-231-0124
   Israel:+972-3-533-3675
   Email:helpdesk@sysaid.com
   Optimized by SEO Israel
   SysAid logos and other SysAid Technologies marks
   are trademarks or registered trademarks of
   SysAid Technologies Ltd.
   All Rights Reserved by SysAid Technologies Ltd.
   2002-2011
   Live Support Hours
   07:00 AM - 09:30 PM (UK)
   03:00 AM - 05:30 PM (EDT)

   We provide worldwide services, and we do our best
   to match the working times of customers from
   different time zones.

   SysAid Help Desk Software and Asset Management Software
Privacy Policy © Terms Of Use