You can configure Entourage to use the strongest authentication method that is available under the current network and Microsoft Exchange configurations. Users may be authenticated to an Exchange server in any of the ways listed for WebDAV(Also known as WebDAV). World Wide Web Distributed Authoring and Versioning. An Internet protocol that is used by Entourage and Outlook Web Access to communicate with an Exchange server. transactions in the following table.
Please note that the types of authentication methods that are available for Microsoft Exchange e-mail accounts can vary depending on whether authentication is performed on a front-end server or on a back-end server.
Authentication method | Type of authenticating server | Description |
|---|---|---|
Basic authentication | Back-end server | Basic authentication is the least secure authentication method that is supported by Entourage 2008. |
Digest authentication | Back-end server for Exchange 2000 and Exchange 2003 Client Access server for Exchange 2007 | Digest authentication transmits passwords in hashed form, which offers limited security. Digest authentication can be used with or without Secure Sockets Layer (SSL). |
Integrated Windows (Kerberos and NTLM) authentication | Back-end server for Exchange 2000 and Exchange 2003 Client Access server for Exchange 2007 | Integrated Windows authentication (formerly known as NTLM authentication) is the strongest authentication method that is supported by Entourage and Microsoft Exchange. It incorporates its own encryption methods and therefore does not require SSL. Note In Microsoft Exchange Server 2007, Client Access server supports Integrated Windows authentication and HTTP 1.1 Digest authentication for Exchange 2007 virtual directories. A Client Access server that is redirecting to a back-end server that is running Exchange 2000 or Exchange 2003 supports only Basic authentication and forms-based authentication. |
Client certificate-based authentication | Front-end server | Client certificate-based authentication is available with Entourage 2008 for Mac Service Pack 1 (SP1). This authentication is a type of two-factor authentication that uses two separate items, a client certificate and a password, to verify a user's identity. |
Forms-based authentication | Front-end server | Forms-based authentication transmits user credentials through HTML forms that users fill out. The credentials are then processed by using Basic authentication. Forms-based authentication requires SSL. Enabling Forms-based authentication and SSL on a front-end server makes it possible for an organization to provide access to Microsoft Exchange resources from the Internet with programs such as Outlook Web Access and Entourage in a more secure manner. Notes
|
No matter what authentication method you use with DAV, the data is transmitted in a plain-text XML stream between the user and the server. Third parties could discover this data by using network monitoring or packet sniffing tools. If your users use Microsoft Exchange accounts for critical or sensitive information, we recommend that you use SSL to encrypt the data that is transmitted between the user and the server, particularly for users who access their accounts from outside the corporate network. For added security when mail travels between your server and servers outside your organization, we recommend certificate encryption.
For information about how to enable SSL in Entourage 2008, see Enable Secure Sockets Layer in the Office 2008 Planning section.
