Subscribe
Notify of
guest

8 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Pete
Pete
5 years ago

Everyone who does this now uses kerberos. Ntlm is an old Windows way and only really worked with Internet explorer. The username header bit is broadly correct. Kerberos is a technology for authenticating the user header is correct. Active directory is a combination of kerberos and ldap. Ldap is a database used for storing usernames, passwords and anything else useful.

Quentin Vole
Quentin Vole
5 years ago
Reply to  Pete

I was teaching Kerberos in the early noughties. Well-established technology back then (if not so easy to use as it is today).

The only way I could get anywhere near a £40M cost for this would be if every change had to be hand-installed from a floppy disk. Which, knowing how the NHS works, is almost certainly what’s going to happen.

PS Extended Win7 support is available from M$ for a small financial consideration. Search for “Extended Security Update (ESU) program”.

Bloke on M4
Bloke on M4
5 years ago
Reply to  Pete

I have to say that I don’t generally know the details. I’ve done some applications with Windows Authentication and on the server side coding, it’s very simple.

With the Oauth stuff, we just had a library that we called that gave us the user name and permissions.

Mr Yan
Mr Yan
5 years ago

Most likely the NHS have multiple providers who are responsible for different parts (PC on ward, servers in back-office, applications etc) who don’t want to work with each other.

Not helped that the contracts won’t have bothered to specific interworking in any detail and, even if they did, they won’t have people who can hold the likes of Crapita to them.

Bloke on M4
Bloke on M4
5 years ago
Reply to  Mr Yan

That shouldn’t really be a problem. What is a problem is not having an SSO strategy and specifying it in the contract. And that isn’t about Crapita running rings around people. People always say this, but that’s just excusing how crap the civil service is. It’s not hard to write that sort of clause in a contract.

jgh
jgh
5 years ago

I’m currently working in the NHS upgrading GPs’ PCs to Windows 10, and nothing in the original article strikes true. Staff member sits in front of PC, Ctrl-Alt-Delete, type in name and password, insert smart card, logged on and applications running within ten seconds. The only times there are any log-on delays is when somebody logs on for the first time to one of the brand new PCs I’ve just installed as the profile is rebuilt – but that’s a one-off issue. If the OP is taking 17 minutes to log onto her computer, she’s really screwed it up. Is… Read more »

Pcar
Pcar
5 years ago
Reply to  jgh

@jgh

As you say, 17 min logon even with slow network seems a lie or self-inflicted

An ‘always click Yes/OK’ person

Free Trial/Version of AVG, Avira, Bitdefender, Kasperksky, McAfee, Sophos, Trend etc all running

Heavy pretty themes, screen-savers, wallpapers running

Swap file being thrashed…

As for Matt “Chinless Wonderboy” Hancock – a know nothing throwing other people money at his problem and hoping something works

Hmm, rather like a drug addict stealing for next temporary fix

Spike
Spike
5 years ago

Ease of use (including quick and easy log-in) is a value. But there is an unlimited number of other values. And in a single system to serve everyone, each value is represented by a committee, all managed by a headless monster, with no recourse when one of the values is pursued to obsession. I tend to agree with JGH that it usually doesn’t take 17 minutes to log in; but if it did given the essence of the NHS, it would be unsurprising. There would be a good policy reason, too, why that patient died of thirst in the corridor.