[5238] in bugtraq
More on MS Exchange POP3 Password Security
daemon@ATHENA.MIT.EDU (Manley, Jim W)
Mon Sep 1 16:30:36 1997
Date: Mon, 1 Sep 1997 08:55:52 -0500
Reply-To: "Manley, Jim W" <manleyjw@IMC7.EMS.LMCO.COM>
From: "Manley, Jim W" <manleyjw@IMC7.EMS.LMCO.COM>
X-To: security <security@isst.lmtas.lmco.com>
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
-
From Michael Kaczmarek at Microsoft:
Here is an excerpt from the developers. It gets somewhat
technical, but in essence this is a by design feature. Please let me
know if you have any questions.
Excerpt follows...
>This is absolutely by design. we do not cache passwords, we
>cache credential information (a token). this is a significant
performance
>optimization. dogfood was overloading domain controllers before it was
put in place.
>an administrator who wishes to disable credentials caching can
>do so by creating a DWORD value under ParametersNetif called
"Credentials
>Cache Size" and setting it to 0. warning: domain controllers may get
>overloaded, as each POP3 logon will cause an NT logon.
>
>Here is some more info on three reg values that make up caching.
>
> Credentials Cache
> H_Key_Local_machine\System\Current Control
> Set\Services\MSExchangeIS\ParametersNetIF
> Credentials Cache Size D_WORD 0 - 0xffff (default 256) value of
> 0 is cache off.
> Credentials Cache Age Limit D_WORD minutes (default 2 hrs = 120
> minutes)
> Credentials Cache Idle Limit D_WORD minutes (default 15)
> Descriptions:
> Credentials Cache Size: The size of the Credentials Cache Link
> list. A value of 0 Turns cache off.
> Credentials Cache Age Limit: How long the Credentials for are
> cached.
> Credentials Cache Idle Limit: How long until credentials are
> flushed due to inactivity.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBNArLYyvYMV4IyPatAQFJUgP/dzhxCdFFdlEqMSFUT5E5cgj3mxNsV+gQ
qeiEdgBKqD1vWZGfbtenGPcBil3lv4OL3dU4XG85tYv9qNrl5Yx1qWxr53/Q+4ur
kgUPPSMkdVRu7ZA6SAiI4nMYXMj79SqB56dyX79br/wk5pOCD1h/amXNoAoCrtUJ
njMnRECyJhQ=
=jRVm
-----END PGP SIGNATURE-----
