|
Posted by Ondrej Sevecek on January 12, 2006, 9:46 am
If you were Registered and logged in, you could reply and use other advanced thread options
for built-in SSPIs probably not, as what I suppose. The client machine
identity does not travel within the authentication exchange.
You would need to have your own client-server application. The server would
then require a service ticket back for the clients machine.
Normally, with kerberos in place, only the user knows what the server
identity is.
The only thing you can consult is the fact, that without windows 2003 dc you
have no choice to obtain user ticket without having valid machine ticket
that in fact authenticates the machine. But I do not think you can get this
with w2k3.
O.
> Hi,
>
> Is it possible to use SSPI for the server to validate the identity of a
> client machine (not the user on the client machine, but rather the client
> machine itself)? In oter words if a client machine claims to be
> workstation@MyNtDomain.com, can the server verify, during the process of
> user authentication, whether the client machine is also what it claims to
> be
> (eg: does the client really belong to the MyNtDomain.com?)
>
> Thanks,
> Prasanna
>
>
>
>
| 
XML site map