Build failure with Kerberos for Windows 3.0

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Mar 9 22:32:18 EST 2006


Yi wrote:
> I have NetIDMgr.exe running on my machine, but it is not prompting for
> any credential. I am testing ticket forwarding capability with my
> program, by invoking it via CGI from a web browser client. So it is
> possible that process cannot communicate with NetIDMgr.exe.
> 
> I checked the UserID of that process, and it did return the right user
> name of the requesting client. It seems the web browser (IE) doesn't
> send a forwardable ticket to the web server (Microsoft IIS), or the
> web server doesn't impersonate the user properly, thus the invoked
> process doesn't really have the credential of the requesting user and
> must obtain a new one on the spot.
> 
> So my question really should be: how can I pass the credential of the
> requesting client to the CGI program? I guess it is more an issue of
> the web server than of GSSAPI library.
> 
> Thanks.

Microsoft applications such as Internet Explorer and IIS do not use
the MIT libraries at all.  Therefore, none of the MIT tools will be
involved in the discussion.

Assuming that Internet Explorer is forwarding the credential to IIS,
the only way the credential can be used is by requesting impersonation
within the IIS thread which kicks off the CGI.  The MIT GSSAPI libraries
will not be involved in this.

A better forum to ask your question might be the
microsoft.public.platformsdk.security newsgroup.

Jeffrey Altman


