Instant Messaging

HTTP Digest Authentication

Exchange Instant Messaging Service offers two modes of authenticating users, Integrated Windows authentication and Digest authentication. Both forms of authentication rely on existing Windows 2000 passwords, and users configured to use these methods do not need to use a separate password for Instant Messaging. Integrated Windows authentication is the recommended form of authentication.

Digest authentication is an Internet Standard that allows clients to authenticate using a sequence of challenges and responses carried over HTTP. The Instant Messaging client transmits the password and other data in a highly secure and encrypted manner over the wire, significantly reducing the risk of spoofing. Digest authentication also works through proxy servers, allowing Instant Messaging clients to authenticate to their home servers through a proxy server.

Consider using Digest authentication only if you intend to run Instant Messaging clients on operating systems other than Windows (such as UNIX), or if you require that clients be able to authenticate to their home servers through an HTTP proxy.

If you decide to use Digest authentication, you need to first set the password policy at the domain controllers hosting the user accounts, and then reset any passwords already created. Users need to supply their passwords when logging in using Instant Messaging clients.

Related Topics

Integrated Windows Authentication