No, forms-based auth is cookie based. You authenticate via the form, which uses the host server's resources to get you authenticated. I.E. Since Exchange FE server requires a domain member, the authentication is handled by the FE server and Active Directory through it's means of authentication normally Kerberos. SSL protects the transmission of sensitive information, such as your username and password, from being sniffed on the wire, since it encrypts the transport level of the conversation. Your username and password are clear-text inside the SSL conversation, but they're on a protected communication channel. -----Original Message----- From: m1r4cle_26@xxxxxxxxx [mailto:m1r4cle_26@xxxxxxxxx] Sent: Friday, August 27, 2004 2:34 PM To: [ExchangeList] Subject: [exchangelist] form based auth using kerberos ? http://www.MSExchange.org/ Hello, How does form-based authentication of OWA 2003 authenticate users actually ? Is it by basic authentication where username & password are sent in clear ? Will kerberos work with form-based authentication ? thank you ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx