If you are using the Remote Loader, the following table lists the recommended security configurations for the driver.
Table 9-2 Recommended Security Configuration for the Remote Loader
Parameter |
Description and Recommended Setting |
---|---|
|
The account the driver uses to access the domain data. Use the domain logon name, for example Administrator. |
|
The DNS name of the domain controller. If you don’t want to run the driver on your Active Directory domain controller, use hostname for the Negotiate method but use hostname or the IP address for the method. |
|
The password used for the . |
|
The password for the Remote Loader service. |
|
Select . |
|
In most environments, we recommend you select for this option and use SSL to secure communication between the Remote Loader and the domain controller.However, if the Remote Loader is installed on a member server, and you need to synchronize passwords, select for this option.Do not use this option with SSL. |
|
In most environments, we recommend you select for this option and use SSL to secure communication between the Remote Loader and the domain controller.However, if the Remote Loader is installed on a member server, and you need to synchronize passwords, select for this option.Do not use this option with SSL. NOTE:Sealing only works when you use the authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocols. |
|
Select if Remote Loader is on a member server. If Remote Loader is on a domain controller, select . SSL is required to perform a Subscriber password check, a Subscriber password set, and a Subscriber password modify operation when the driver shim is not running on the domain controller.SSL requires that the Microsoft server running the driver shim imports the domain controller’s server certificate. For more information, see By default, the parameter is set to . If you set this value to , the SSL pipe is encrypted for the entire conversation. An encrypted pipe is preferred because the driver typically synchronizes sensitive information. However, encryption slows the general performance of your servers. |