-
Notifications
You must be signed in to change notification settings - Fork 23
msapsspc
The distributed password authentication (DPA) client is a legacy SSP that provided another option for users to authenticate with servers over HTTP. DPA was used to authenticate users to the Microsoft Network (MSN), Site Server websites, BackOffice Servers, and other discontinued Microsoft solutions.
The package internally makes references to the Remote Passphrase Authentication (RPA) scheme which was developed and used by CompuServe. RPA is the security protocol that DPA is believed to be designed after.
It could not be identified when client versions of the package were first released (e.g., msapsspc.dll), but they were removed in NT 6.0.
Server versions of the package were not released with Windows (e.g., msapssps.dll), but were bundled with the installation media for now discontinued Microsoft server products such as Site Server and BackOffice Server.
DPA authentication for on premise resources required administrators to maintain a Membership Directory to store user information, which could be any ODBC-compliant database (ex. an SQL or LDAP server). The Membership Directory would store all user information in plaintext, including user passwords. Clearly, it is for the best that Microsoft has removed this package from Windows and has stopped supporting DPA.