Kerberos token in windows logon

Kerberos token in windows logon
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Kerberos token in windows logon lobezno 12-23-2008
Posted by =?Utf-8?B?bG9iZXpubw==?= on December 23, 2008, 5:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello
I'm working with a custom ISA Server, inside my filter I've created a
kerberos ticket using LsaLogonUser windows function.

Is it viable that for an Explorer navigator to reuse a ticket kerberos that
has been negotiated (on behalf of another user) between an ISA Server and an
IIS Server, to call that IIS Server with that Authoritation?

It means: we have created a ticket kerberos inside ISA (custom webfilter),
this ticket delegates to an IIS, and a SQL Server after (simple kerberos
constrained delegation), but in the response, there is no ticket returns to
the client (internet explorer). This is possible??

Thanks for all.

Posted by Peter Foldes on December 23, 2008, 9:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
You are posting to the wrong newsgroup. Repost to the one below

On the web:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.isa.configuration

or

On the web also
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.isa

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

> Hello
> I'm working with a custom ISA Server, inside my filter I've created a
> kerberos ticket using LsaLogonUser windows function.
>
> Is it viable that for an Explorer navigator to reuse a ticket kerberos that
> has been negotiated (on behalf of another user) between an ISA Server and an
> IIS Server, to call that IIS Server with that Authoritation?
>
> It means: we have created a ticket kerberos inside ISA (custom webfilter),
> this ticket delegates to an IIS, and a SQL Server after (simple kerberos
> constrained delegation), but in the response, there is no ticket returns to
> the client (internet explorer). This is possible??
>
> Thanks for all.


Similar ThreadsPosted
Kerberos logon to Terminal Server prevents folder redirection. May 22, 2009, 11:02 am
Kerberos with Windows Integrated authentication January 2, 2009, 6:58 am
Token validation is inconsistent May 16, 2008, 10:25 am
ConnectServer using impersonation token October 20, 2008, 5:00 am
Security token design question July 28, 2005, 3:06 pm
Is there any SPNEGO/GSSAPI token creation API? August 9, 2005, 9:29 pm
How to create the SPNEGO token used in CIFS/SMB authentication? August 4, 2005, 7:42 pm
Send current user token to IIS server August 25, 2006, 7:37 am
"replace a process level token" security November 25, 2008, 1:18 pm
Windows Logon September 11, 2006, 8:14 pm

The site map in XML format XML site map

Contact Us | Privacy Policy