[AccessD] Logon/Password Same as Network

Heenan, Lambert Lambert.Heenan at aig.com
Tue Sep 7 14:09:26 CDT 2004


"Instead of having to remember two different passwords..." This is just what
I thought you might be trying to do, and that's just what the NY Challenge
is supposed to be doing.  

There is nowhere for the OS to look up the password to validate it. Rather
the NT Login process takes the password from the user and passes it through
a one-way hash function. The output of the hash function is then checked in
a database to see if there is a match for it The point being that the
password *never* gets stored anywhere or transmitted over the network. The
hash function is one-way in that you cannot convert the hash value back to
the password.

That's the theory. Unfortunately the practice is a touch harder. First the
code I pointed you to is VB specific. It would need to be altered to make it
compile under VBA. 

To get it to compile with VBA all the code above "Private Sub Form_Load()"
needs to be moved into a standard module.
All the "Private Declare ..." lines need to be changed to "Public Declare
..."
All the "Private Type .." lines need to be changed to "Public Type ..."
All references to the three textbox's  ".Text." and ".Value" properties
should be changed to simple references to the textbox controls' names.

Having done all that you will be able to compile the code, but then you'll
find that all the example code is in any case Windows 2000 or later
specific. The core part of the code (the function AuthenticateUser) first
tests the OS version (the function call IsWinNT2000Plus), and it it's not
20000 or greater nothing is done to authenticate at all. ;-(

So even though it's called the NT authentication, this code only works on
W2K and higher. I've yet to find a working version of this authentication
code for NT4 but it must be out there somewhere.

Lambert
	
> -----Original Message-----
> From:	Nicholson, Karen [SMTP:cyx5 at cdc.gov]
> Sent:	Tuesday, September 07, 2004 1:40 PM
> To:	Heenan, Lambert
> Subject:	RE: [AccessD] Logon/Password Same as Network
> 
> I don't think the Windows NT Challenge is what I am looking for, seems
> to apply to asp, internet etc.  What I want to do is this:  user logins
> in the morning on their server.  I can capture the user name that was
> used to logon and display on the form, for instance I am cyx5.  Now,
> when the user opens up my Access application, I want a form that
> displays the cyx5 in one text box (done) and another text box that is
> blank for them to enter in their password.  Instead of having to
> remember two different passwords, I would like the password that is
> entered on my Access form to lookup their network password to do a
> match.  If it does not match, throw them out.  If it does, open up my
> switchboard menu.
> 
> -----Original Message-----
> From: Heenan, Lambert [mailto:Lambert.Heenan at AIG.com] 
> Sent: Tuesday, September 07, 2004 12:03 PM
> To: 'Access Developers discussion and problem solving'; Nicholson, Karen
> Subject: RE: [AccessD] Logon/Password Same as Network
> 
> 
> What's "the password"? Do you mean the logging password used for Access
> Security? Why would you want to make this the same as the users LAN
> login
> password? To do so would require your to keep the two synchronized and
> that
> would be a pain. Or do you in fact want to use the "Windows NT
> Challenge"
> process to validate an already logged in user?
> 
> All I can say is that Authentication is kinda complex, but take a look
> here
> for an example....
> 
> http://vbnet.mvps.org/index.html?code/network/acceptsecuritycontext.htm
> 
> Just be sure not to store those passwords anywhere or you will open up a
> security hole big enough to drive an 18-wheeler through.
> 
> Lambert
> 
> 
> > -----Original Message-----
> > From:	accessd-bounces at databaseadvisors.com
> > [SMTP:accessd-bounces at databaseadvisors.com] On Behalf Of Nicholson,
> Karen
> > Sent:	Tuesday, September 07, 2004 11:28 AM
> > To:	accessd at databaseadvisors.com
> > Subject:	[AccessD] Logon/Password Same as Network
> > 
> > I know how to grab the logon from the network; is there a way to make
> > the password to be the same as the password housed on the network so
> > that the user will have the same logon/password?  Thanks!
> > 
> > Karen Nicholson
> > National Laboratory
> > Xerox Global Services
> > 
> > 
> > -- 
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com



More information about the AccessD mailing list