Application Server and KDC share some information like Service Tktkey?

Surendra Babu A surendra.a at samsung.com
Thu Dec 29 00:29:04 EST 2005 

Hi,

Thank you for the reply.

1. Windows Exchange server (SMTP server running with that) can be used for
Kerberos Server Authentication?

2. I could not get proper response from the SMTP server when I sedn the
service tkt+authenitcator information to the SMTP server.

Let me tell you clearly.

I am using Microsoft 2000 exchange server. It has SMTP service. I am able to
to do User Authentication but not Server Authentication.

For Server Authentication, I am sending the SMTP service tkt + Authe
nticator information to the SMTP server. The SMTP server is sedning the
response. But myKDC is not able to decode the response.

That means, some thing to be done (keytab file generation/etc) to be at done
at SMTP server side???

Please let me know your thoughts.

Happy Christmas.

Regards,
-Surendra

----- Original Message ----- 
From: "Surendra Babu A" <Surendra.a at samsung.com>
To: "Paul B. Hill" <pbh at MIT.EDU>
Sent: Thursday, December 29, 2005 5:48 AM
Subject: Re: Application Server and KDC share some information like Service
Tktkey?


> I am using Microsoft 2000 exchange server. It has SMTP service. I am able
to
> to do User Authentication but not Server Authentication.
>
> For Server Authentication, I am sending the SMTP service tkt + Authe
> nticator information to the SMTP server. The SMTP server is sedning the
> response. But myKDC is not able to decode the response.
>
> That means, some thing to be done (keytab file generation/etc) to be at
done
> at SMTP server side???
>
> Please let me know your thoughts.
>
> Happy Christmas.
>
> Regards,
> -Surendra
>
>
>
> ----- Original Message ----- 
> From: "Paul B. Hill" <pbh at MIT.EDU>
> To: "'Surendra Babu A'" <surendra.a at samsung.com>
> Sent: Thursday, December 29, 2005 3:19 AM
> Subject: RE: Application Server and KDC share some information like
Service
> Tktkey?
>
>
> > Hello,
> >
> > An Exchange server does not include KDC functionality. An Exchange
server
> > will never issue a ticket. A Windows 2000 or 2003 Domain Controller does
> > include KDC functionality.
> >
> > No version of Exchange server support Kerberos authentication when using
> > either POP3 or IMAP protocols. Exchange only offers Kerberos support
when
> > using the MAPI interfaces. This means that Exchange will only support
> > Kerberos authentication for Outlook clients (within the same Windows
> domain)
> > and OWA.
> >
> > Microsoft's SMTP support within Exchange doesn't support Kerberos the
last
> > time I looked.
> >
> > What SMTP server are you using and has it been compiled with Kerberos
> > support? If it has not been compiled with Kerberos support creating a
> keytab
> > for the server will not do any good.
> >
> > Paul
> >
> > -----Original Message-----
> > From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] On
Behalf
> > Of Surendra Babu A
> > Sent: Wednesday, December 28, 2005 1:17 AM
> > To: Douglas E. Engert
> > Cc: kerberos at mit.edu
> > Subject: Application Server and KDC share some information like Service
> > Tktkey?
> >
> > Hi Douglas,
> >
> > Could you please clarify the following issue? I am working on Kerberos
> > Server Authentication feature and using the Windows 2000 Exchange server
> as
> > the KDc server and SMTP server as the Application server.
> >
> > My aim: Server authentication should be done.
> >
> > Clarification on "Service Ticket Key":
> >
> > http://www.xml-dev.com/blog/index.php?action=viewtopic&id=21
> > In the above link, the 4th and 5th steps are little confusing for me.
> >
> > 1. In the 3rd step, KDC sends the Service Tkt encrypted with the
"Service
> > Tkt Key". and etc.
> >
> > 2. In the 4th step, Client sends the  same Service Tkt key and
> authenticator
> > to the Application server. That means, the KDC and Application server
> should
> > agree on one "Service Ticket key". That means, there should be some
> > communication between KDC and Application server. Right? How to
configure
> > the same with the Application server? Could you please let me know the
> same?
> >
> > Thank you,
> > -Surendra
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
> >
>

More information about the Kerberos mailing list