IIS Server Security - Delegating with Kerberos and host headers

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > February 2004 > Delegating with Kerberos and host headers





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Delegating with Kerberos and host headers
Stig Johansen

2004-02-26, 9:34 am

We have two Web servers, w1.domain and w2.domain, that now
both have been set up successfully to use Kerberos
authentication. This also works with a common host header
name, c1.domain, for the both these servers. This was
resolved by using the setspn utility to add HTTP/c1.domain
for both the Web servers to AD.

An ASP.NET application running on both these servers uses
delegation (w1 and w2 set to Trust to delegate in AD) to
open a folder structure on a third server. This works fine
if you connect to w1.domain/app or w2.domain/app.

But it does still fail to delegate using the host header
name. So connecting with c1.domain/app fails with an
access denied error on the remote server.

Any ideas why delegation does not work here?

Thx,
Stig
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com