Authentication through OWA

[Wodill]

Currently when our users access their Exchange 2003 mailbox through OWA, they need to enter our domain name\username in order to properly authenticate.

I found the fix so that the domain name doesn't have to be entered by changing the IIS settings on the exchange server to basic authentication.

What is the downside to this or in order words what kind of security holes would I be opening up if we made this change just so it was easier for the users to log in?

Thanks

 

[wdoellefeld]

Not at the office so I give you the exact path but there is an option in the same authentication settings area to always "assume" a particular domain. You enter the domain you want "assumed" in the text field next to it.

 

[WesF]

Was hoping that was the case, but don't see that for the pop3 virtual server. It is there for basic authentication for the smtp virtual server.

 

[WesF]

Sorry, the above post was meant for another thread.

 

[zacca]

Hi wdoellefeld, can you post the exact path so that owa can always assum a particular domain? Many thanks!