kerberos for Microsoft IIS/any http server?

Sanjay Sane sanjays at cisco.com
Tue Nov 25 19:33:40 EST 2003 

Thanks for the reply.
I was using Microsoft AD as KDC, with IE 5.x clients logged on Win2k SP2
machines.
I'll also try out Mozilla's SPNEGO implementation.

-Sanjay

"Wyllys Ingersoll" <wyllys.ingersoll at sun.com> wrote in message
news:1069797400.6893.107.camel at pebblebeach.wki.test.net...
>
> Check out http://negotiateauth.mozdev.org
> This guy has an extension for mozilla for supporting
> Microsoft's Negotiate mechanism.  However, his version
> currently only supports Heimdal's Kerberos/GSSAPI.
> This site also has links to Apache plugins which support
> the IIS negotiate method.
>
> Also take a look at
> http://bugzilla.mozilla.org/show_bug.cgi?id=17578
>
> I posted a more generalized patch for Mozilla which *should*
> be able to compile with Heimdal, MIT, or Solaris Kerberos
> implementations.  It likely will not appear in Mozilla
> until release 1.7, though.  In the meantime, extensions for
> Mozilla 1.5 (and 1.6) should start appearing sometime
> in the near future.
>
> You don't mention what browser you are using or
> what OS platform you are using.
>
> -Wyllys
>
>
>
>
> On Mon, 2003-11-24 at 15:10, Sanjay wrote:
> > Hi,
> >
> > Is there a simple howto on getting a Win2K client, logged on to Active
> > Directory (AD) domain, get a file from IIS server (running on AD server)
> > with Kerberos authentication ..?
> >
> > -- IIS server is running on the Active Directory server (win2k domain
> > server).
> > Win2k Server, SP2
> > IIS 5.0
> > -- Win2K client is having SP2 & IE 5.5 SP2.
> >
> > With network tracing, I see IIS sends back WWW-Authenticate headers of
> > Negotiate first, and then NTLM, but for some reason, Win2k client picks
up
> > the NTLM related handshake, not Negotiate.
> >
> > During Windows logon on this client, I made sure that I use a sample
user
> > login from the above AD domain, and also made sure that Kerberos was
> > exchanged between the client and AD KDC server.
> >
> > Now, how do I get the Kerberos handshake going over HTTP against IIS
that is
> > running on the same AD server ?
> >
> > Anyone got this going against any other HTTP server (Apache?)
> >
> > tia,
> > Sanjay
> >
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> --
> Wyllys Ingersoll <wyllys.ingersoll at sun.com>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list