Security

In order for you to correctly use Digest authentication, the following must be set up on the server:

Windows 2000 Server must be in a domain.
A file called IISUBA.DLL must be installed on the domain controller. This is copied automatically during Windows 2000 Server setup.
All user accounts must be configured to have the Save password as encrypted clear text option enabled, as shown in the first figure below. This is an option on each user object in the Active Directory. Setting this option requires the password to be reset or re-entered.

IIS 5.0 must be configured to use Digest authentication. See the second figure below.

Setting the Save password as encrypted clear text Option

Setting IIS 5.0 to Support Digest Authentication