IIS refuse un-preauth-ed tickets?
John Washington
jawashin at uiuc.edu
Tue Feb 19 12:11:11 EST 2008
There is a requirement that preauth'ed service accounts (which IIS would
have) only accept preauthed tickets.
* Speedo <speedogoo at gmail.com> [2008-02-19 10:32]:
> Sorry to post into 2 groups.
>
> I have a Java application using Kerberos to talk to IIS on a Windows
> domain. First I call java's kinit and then use the acquired initial
> TGT to connect to IIS with JGSS. When the initial ticket is pre-
> authed, I can get the web content. However, if I set the user account
> as "do not require preauth" and acquire such an un-preauth-ed initial
> TGT, and then get a service ticket for IIS using this TGT, it seems
> this ticket cannot be used to retrieve pages from IIS (using SPNEGO).
> Is this a designed feature?
>
> Thanks
> Speedo
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
John Washington Security Officer,
University of Illinois Urbana-Champaign
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080219/e488ba11/attachment.bin
More information about the Kerberos
mailing list