Configuring Authentication on a Back-End Server

By default, HTTP virtual servers on the back end are configured to allow both basic authentication and Integrated Windows Authentication. You should use this default configuration.

Basic authentication passes the user name and password across the network in a lightly encoded (not encrypted) format. Integrated Windows Authentication refers to a package of authentication mechanisms (such as NTLM and Kerberos) that are more secure and that do not send the password across the network in clear text.

When the front-end HTTP virtual servers authenticate requests, authentication information is requested from the user. The user sends authentication information to the front-end server, which authenticates the user and then passes the information to the back-end server. The back-end server then authenticates the user, but it does not need to request authentication information from the user again.

• Exchange 2000 front-end servers will use basic authentication to the back-end server for HTTP access

• Exchange 2003 front-end servers will use integrated authentication to the back-end server for HTTP access

Only Internet Explorer supports Integrated Windows Authentication directly against a back-end server.