Security Basics mailing list archives

Re: Webmail authentication


From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 19 Dec 2002 15:57:21 -0800

From: "David Brown" <David.Brown () synergex com>
My company is working on a webmail implementation, which requires that
the user authenticate to an NT domain.  Regardless of the
authentication method, there is always an option in the login dialog
to 'Save this password in your password list', which seems to be
browser driven.  I don't want my user population saving their
passwords to various computers all over the world.  Does anyone have a
clue how to remove or disable this option?

If you mean browsers on your corporate network, you can disable it in IE\tools\options or lock it down using local security policy/Active Directory (this assumes you're using IE; don't think that will work for Mozilla, Netscape, Opera, or Lynx). Basically though, I would not rely on this method even if you are using IE. I recommend that instead of allowing your users to type their passwords into a JavaScript form box, you should use another authentication method. Certificates might be a good idea, or you could create a virtual keyboard on the sign-in page and have them click on the buttons to enter their password. Whatever you come up with, I agree that having your passwords saved all over the place is a bad idea, and you might want to consider forcing them to use a different password for email than their logon password.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Live dangerously, overclock your servers."
