Mutual authentication and delegation

Brian Krings krings at us.ibm.com
Fri Mar 8 15:04:30 EST 2002


I have a question about mutual authentication and delegation. I have an
application where I would like to delegate credentials. I do not
currently do mutual authentication. Using Windows 2000 as my KDC, I
cannot get delegated credentials unless I also pass the mutual
authentication flag to the SSPI InitializeSecurityContext. I don't see
any documentation from Microsoft or in the RFC's that would force this.
Does Microsoft have a bug? I do not have to request mutual
authentication if my client is a non-Windows machine (using GSSAPI).

Thanks in advance for any/all responses.
Brian




More information about the Kerberos mailing list