Authorization vs. Authentication
I was asked the following question today about MOSS: Can MOSS manage passwords? Can I store service account passwords someway in MOSS securely?
Here is an important point about MOSS security:
MOSS does not provide authentication, it only provides authorization. (very important distinction) It relys on either Active Directory or forms authentication to validate passwords. Once AD says yup this person is who they say they are, then Sharepoint takes over. Nowhere in the sharepoint databases will you find a user's password. What you will find in the sharepoint databases is the roles and permissions that a user has.
-Joseph
Here is an important point about MOSS security:
MOSS does not provide authentication, it only provides authorization. (very important distinction) It relys on either Active Directory or forms authentication to validate passwords. Once AD says yup this person is who they say they are, then Sharepoint takes over. Nowhere in the sharepoint databases will you find a user's password. What you will find in the sharepoint databases is the roles and permissions that a user has.
-Joseph
Comments
Thanks a lot for sharing such great information....
Regards,
Amol Ghuge