|
Posted by Brian Komar on August 19, 2005, 7:35 am
If you were Registered and logged in, you could reply and use other advanced thread options
The Web server must be a member of a Windows 2000 or Windows Server 2003
domain to use Kerberos authentication. By setting the authentication
requirements on the Web server to integrated, you will get your Kerberos
authentication.
In addition, you may have to set the computer account of the Web server
to be "trusted for Delegation" (this is set in the properties of the
computer account in Active Directory). This will allow the Web server to
impersonate the user through Kerberos impersonation.
HTH,
Brian
overboredNO@SPAMoverbored.net says...
> Hi all,
>
> I'm trying to get this simple test program to work for Kerberos:
>
> http://www.pluralsight.com/samplecontent/sspi_auth.cpp
>
> It works when I change the string in main() to "NTLM", but when using
> "Keberos", AcquireCredentialsHandle() fails ("The logon attempt
> failed").
>
> Can anybody tell me if there's something I need to set up in Windows
> first for this program to work? According to the doc at:
>
> http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerber
> os.asp
>
> I need to enable the AS and the TGS, but I found no such services in the
> Services control panel. Does Kerberos authentication only work when you
> have domains, hence AD, hence Windows 2000 Server? In that case, is this
> program meant to be run on the DC (since that's the machine with the
> passwords)? Or can this be run on any of the domain members (meaning the
> Kerberos SSP will actually communicate with the DC behind the scenes)?
>
> Thanks in advance for any help!
>
| 
XML site map