More on MS Exchange POP3 Password Security

[manleyjw () IMC7 EMS LMCO COM (Manley, Jim W)]

-----BEGIN PGP SIGNED MESSAGE-----

-
> From Michael Kaczmarek at Microsoft:


        Here is an excerpt from the developers. It gets somewhat
technical, but in essence this is a by design feature. Please let me
know if you have any questions.

        Excerpt follows...


> This is absolutely by design.  we do not cache passwords, we
> cache  credential information (a token). this is a significant
performance
> optimization.  dogfood was overloading domain controllers before it was
put in place.
> an administrator who wishes to disable credentials caching can
> do so by creating a DWORD value under ParametersNetif called
"Credentials
> Cache Size" and setting it to 0.  warning: domain controllers may get
> overloaded, as each POP3 logon will cause an NT logon.
>
> Here is some more info on three reg values that make up caching.
>
>       Credentials Cache
>       H_Key_Local_machine\System\Current Control
>       Set\Services\MSExchangeIS\ParametersNetIF
>       Credentials Cache Size D_WORD 0 - 0xffff (default 256) value of
>       0 is cache off.
>       Credentials Cache Age Limit D_WORD minutes (default 2 hrs = 120
>       minutes)
>       Credentials Cache Idle Limit D_WORD minutes (default 15)
>       Descriptions:
>       Credentials Cache Size: The size of the Credentials Cache Link
>       list. A value of 0 Turns cache off.
>       Credentials Cache Age Limit: How long the Credentials for are
>       cached.
>       Credentials Cache Idle Limit: How long until credentials are
>       flushed due to inactivity.



-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNArLYyvYMV4IyPatAQFJUgP/dzhxCdFFdlEqMSFUT5E5cgj3mxNsV+gQ
qeiEdgBKqD1vWZGfbtenGPcBil3lv4OL3dU4XG85tYv9qNrl5Yx1qWxr53/Q+4ur
kgUPPSMkdVRu7ZA6SAiI4nMYXMj79SqB56dyX79br/wk5pOCD1h/amXNoAoCrtUJ
njMnRECyJhQ=
=jRVm
-----END PGP SIGNATURE-----