SSPI Kerberos Window NT 4.0
Douglas E. Engert
deengert at anl.gov
Wed Jul 30 08:35:29 EDT 2003
"Burruss, Dante M" wrote:
>
> I have a question. If SSPI using the Kerberos protocol service is installed on a
> remote server (Windows NT), in order for tickets from the client desktop to
> be interpreted by the KDC and authentication to take place on the server,
> must the client (desktop) also have Kerberos (client software) installed on
> their computer? If this is true, what happens if you install SSPI on a remote
> server and a client tries to access the server and the client doesn't have
> Kerberos installed on their system?
>
> I have a website where I need to authenticate using ASP and I need to get
> the client public token for authentication. I need to fully understand how
> to use Kerberos and install software.

The SSPI was introduced in NT 3 or 4, but did not use Kerberos. Kerberos was
introduced in W2K. Kerberos is used for authentication within the Windows
Domain. So your Active Directory login is actually obtaining Kerberos tickets.

IE and IIS when used within the domain can use SSPI to authenticate the
web connection. So for your browser to access the web site, the client
and the web server must be in the same domain or the domains must have a trust
relationship.

The SSPI when using Kerberos can interoperate with a UNIX machine which
is using the Kerberos GSSAPI. This has some great promise for being able to
extend the usefulness of the web authentication used between IE and IIS to other
browsers and servers on non-Windows machines. There may be some work being
done on this.

(It's early in the morning, so this might not be exactly correct, and others
might have a better explanation.)

>
> Your response will greatly be appreciated.
>
> Thanks
>
> Dante M Burruss
> Department of State
> 703-875-4077
> Unclassified
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444