Windows Domain Authentication Security

I just set up a TeamCity server at work and switched on the Windows Domain authentication. People thought it was pretty slick, but one user didn't want to enter his Windows username/password because of concerns that the TeamCity server could be doing something nefarious with that information (e.g. transmitting it to a 3rd party). My response was "don't be absurd". But it seems to be a real concern for him. What proof can I give him to convince him this isn't a concern?

I know that Windows Domain authentication is quite common across many web-based tools and I don't want to hit this issue again and again. Is there a best practice that is employed out there to guard against transmission of sensitive data? I suppose we could firewall off the TeamCity server so it can't communicate outside our internal network.


1 comment


Windows Domain authentication uses the NTLM protocol. And the fact is, it does not actually transfer any sensitive data.
Here I found a good description of how the protocol works. In short, there is not even a technical ability to steal a password because the TeamCity application just doesn't have access to it at any point in time.
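
An added example, not part of the original thread and not TeamCity code: a sketch of the NTLMv2 challenge-response computation, recording what a web application relaying the exchange gets to see. The names `run_exchange`, `dc_verify`, `account_db`, `alice` and `CORP` are hypothetical, the NT hash is a constructed sample value, and the target-info field is left empty for brevity.

```python
import hashlib, hmac, os, struct, time

# Constructed sample value. A real NT hash is MD4(UTF-16LE(password)),
# derived on the user's workstation and stored by the domain controller.
SAMPLE_NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")

def ntowf_v2(nt_hash, user, domain):
    """NTLMv2 response key: HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()

def client_response(nt_hash, user, domain, server_challenge):
    """Client side: build NtChallengeResponse = NTProofStr + blob."""
    filetime = int((time.time() + 11644473600) * 10_000_000)  # Windows FILETIME
    blob = (b"\x01\x01" + b"\x00" * 6          # response version, reserved
            + struct.pack("<Q", filetime)      # timestamp
            + os.urandom(8)                    # client challenge
            + b"\x00" * 4                      # reserved
            + b"\x00" * 4                      # empty target info (simplification)
            + b"\x00" * 4)                     # reserved
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def dc_verify(account_db, user, domain, server_challenge, response):
    """Domain controller side: recompute the proof from the stored NT hash."""
    proof, blob = response[:16], response[16:]
    key = ntowf_v2(account_db[user.upper()], user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

def run_exchange(client_nt_hash, user="alice", domain="CORP"):
    """Run one exchange; return (accepted, fields visible to the web application)."""
    account_db = {"ALICE": SAMPLE_NT_HASH}     # held by the domain controller only
    server_challenge = os.urandom(8)           # sent to the client in the CHALLENGE message
    response = client_response(client_nt_hash, user, domain, server_challenge)
    seen_by_app = {"user": user, "domain": domain,
                   "challenge": server_challenge, "response": response}
    return dc_verify(account_db, user, domain, server_challenge, response), seen_by_app

if __name__ == "__main__":
    ok, seen = run_exchange(SAMPLE_NT_HASH)
    print("accepted:", ok)
    print("application saw:", {k: v.hex() if isinstance(v, bytes) else v
                               for k, v in seen.items()})
```
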

