[THIN] Re: Authentication

  • From: "Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 26 Jun 2003 15:37:13 -0700

Hi Hector,=20

This option, when set on a custom connection within an ICA client is
stored in the users appserv.ini. According to CTX331178 at least, this
data in the 'password =3D' field is "scrambled".=20

        Password =3D

        A valid password for the specified user account. ICA Clients
expect password information entered for the Password parameter to be in
scrambled               format.=20


However, Citrix's latest INI file refrence PDF, states this for the same
variable:

        Password =3D Specifices the "encrypted" password to use when
refreashing the associated custom *.ica connection.


If you're selecting to 'save password' on an application set within the
ICA client, then the password data is stored within a *.vl file located
under the user's '\app data\icaclient' directory. According to yet
another INI file refrence guide from Citrix discussing the *.vl files:

        Filename.vl =3D Data file for a particular application set. The
file name is randomly generated. This file contains a database of
applications in the     application set. The user name and domain are
stored in the application set section of the PN.ini. The password is
encrypted using a proprietory   algorithm and stored with the
application information in the *.vl file.=20
=09


Although I can't find a conclusive statement out there to admit it, my
assumption here would be that the afore mentioned 'proprietory
encryption algorithm' is used for all password encryption within the
various files used by the ICA client, whether set on a custom connection
or on an application set. Regardless of my assumptions, if you try and
enter a clear text password manually within the appserv.ini file for any
custom connection, the password will not be accepted, and the user will
be prompted for a login to the server / app.=20

HTH

J



-----Original Message-----
From: Minero Hector B DLVA [mailto:MineroHB@xxxxxxxxxxxxx]=20
Sent: Thursday, June 26, 2003 1:03 PM
To: Thin (E-mail)
Subject: [THIN] Authentication


Hi all , I have an easy question:

When you select to "save password" in the ICA client properties, is that
password encrypted? If so, what kind of encryption?

_________________________________
Hector Minero
NSWCDD Code K55
Ph: (540)653-8859
Fax:(540)653-8575

********************************************************
This weeks sponsor - RTOSoft TScale=20
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=3D130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale 
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts: