kerberos for Microsoft IIS/any http server?

Sanjay sanjay at cisco.com
Mon Nov 24 15:10:50 EST 2003


Hi,

Is there a simple howto on getting a Win2K client, logged on to Active
Directory (AD) domain, get a file from IIS server (running on AD server)
with Kerberos authentication ..?

-- IIS server is running on the Active Directory server (win2k domain
server).
Win2k Server, SP2
IIS 5.0
-- Win2K client is having SP2 & IE 5.5 SP2.

With network tracing, I see IIS sends back WWW-Authenticate headers of
Negotiate first, and then NTLM, but for some reason, Win2k client picks up
the NTLM related handshake, not Negotiate.

During Windows logon on this client, I made sure that I use a sample user
login from the above AD domain, and also made sure that Kerberos was
exchanged between the client and AD KDC server.

Now, how do I get the Kerberos handshake going over HTTP against IIS that is
running on the same AD server ?

Anyone got this going against any other HTTP server (Apache?)

tia,
Sanjay




More information about the Kerberos mailing list