Bugtraq mailing list archives
More on MS Exchange POP3 Password Security
From: manleyjw () IMC7 EMS LMCO COM (Manley, Jim W)
Date: Mon, 1 Sep 1997 08:55:52 -0500
-----BEGIN PGP SIGNED MESSAGE----- -
From Michael Kaczmarek at Microsoft:
Here is an excerpt from the developers. It gets somewhat technical, but in essence this is a by design feature. Please let me know if you have any questions. Excerpt follows...
This is absolutely by design. we do not cache passwords, we cache credential information (a token). this is a significant
performance
optimization. dogfood was overloading domain controllers before it was
put in place.
an administrator who wishes to disable credentials caching can do so by creating a DWORD value under ParametersNetif called
"Credentials
Cache Size" and setting it to 0. warning: domain controllers may get overloaded, as each POP3 logon will cause an NT logon. Here is some more info on three reg values that make up caching. Credentials Cache H_Key_Local_machine\System\Current Control Set\Services\MSExchangeIS\ParametersNetIF Credentials Cache Size D_WORD 0 - 0xffff (default 256) value of 0 is cache off. Credentials Cache Age Limit D_WORD minutes (default 2 hrs = 120 minutes) Credentials Cache Idle Limit D_WORD minutes (default 15) Descriptions: Credentials Cache Size: The size of the Credentials Cache Link list. A value of 0 Turns cache off. Credentials Cache Age Limit: How long the Credentials for are cached. Credentials Cache Idle Limit: How long until credentials are flushed due to inactivity.
-----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQCVAwUBNArLYyvYMV4IyPatAQFJUgP/dzhxCdFFdlEqMSFUT5E5cgj3mxNsV+gQ qeiEdgBKqD1vWZGfbtenGPcBil3lv4OL3dU4XG85tYv9qNrl5Yx1qWxr53/Q+4ur kgUPPSMkdVRu7ZA6SAiI4nMYXMj79SqB56dyX79br/wk5pOCD1h/amXNoAoCrtUJ njMnRECyJhQ= =jRVm -----END PGP SIGNATURE-----
Current thread:
- More on MS Exchange POP3 Password Security Manley, Jim W (Sep 01)