Exchange automatically enables basic authentication. Although most clients support this method of transmitting user passwords across the network, data is sent as unencrypted information. To enhance security, you can use SSL with basic authentication to encrypt all information.
Important Anonymous access is disabled if you use basic authentication or integrated Windows authentication. If you want to authenticate the majority of users and still allow anonymous access to public newsgroups, it is recommended that you create an additional NNTP server and specifically configure it to support anonymous connections.
To choose authentication methods:
|Allow Anonymous||This authentication method allows any client to access a newsgroup without providing a user name or password.|
|Basic authentication||This authentication method requires the user to provide a valid Windows user name and password. The user's information is sent as unencrypted clear text across the network. To encrypt account information, you can use SSL with basic authentication.|
|Integrated Windows authentication||This security option requires a valid Windows 2000 user account name. It authenticates users by relaying their Windows credentials directly to the server without requesting information from them or transmitting unencrypted information across the network.|
|Enable SSL client authentication||This method secures client authentication using SSL encryption and certificates. An SSL server certificate is required.|
Note When you use basic authentication or integrated Windows authentication, you set one of the two parameters that control security in Windows 2000; parameters upon which Exchange is based. Windows 2000 security is based on two parameters: authentication and authorization. After you choose an authentication method in Exchange, you must also authorize users to access a directory through access controls lists (ACLs)in Windows 2000. See the Windows 2000 documentation for information on how to grant permissions to Active Directory objects.