GMS and blank password security testing.

Is there any documentation that states categorically whether or not a passwordless mailbox can be authenticated to via GMS? If not, is there a client like tool that I can test GMS logon without a password?

All ActiveSync clients and tools that I have tried so far require a password be entered on the client side before the tool will attempt to authenticate. Is there one that will test with a null password?

Parents Reply Children
  • Suggested Answer

    0   in reply to   

    Typically there is an LDAP authentication set on a PO and that inforces to use directory passwords. A GW client can work via SSO without providing a password directly within the client .. but there is already an authentication behind .. user must logon with AD account. So it is only "skipping" passwords for the application. I am not aware of a device that can use an SSO.

    The entire concept of SSL enabledSOAP / trusted application used by GMS implies security requirements where I do not see a point in login without any pwd. Although I have not seen that written directly, I suspect we would not allow such login.