IIS Server Security - Kerberos authentication

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > June 2007 > Kerberos authentication





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Kerberos authentication
Ronald Ruijs

2007-06-06, 1:21 pm

Hi,

For Kerberos authentication to work on Windows Server 2003/IIS 6 with IE 6
client, does the w3svc service need to run under a domain account, or is
Localsystem OK, too?

My IIS does NTLM only, and I can't figure out why...

Thanks,

Ronald


Ken Schaefer

2007-06-07, 1:19 am

There is no need to run under a domain account. Network Service (or Local
Server, or LocalSystem) is fine. You just need to register the SPN under the
correct account.

IIS and Kerberos Part 1 - What is Kerberos and how does it work?
http://www.adopenstatic.com/cs/blog.../10/19/512.aspx

IIS and Kerberos Part 2 - What are Service Principal Names?
http://www.adopenstatic.com/cs/blog.../11/19/606.aspx

IIS and Kerberos. Part 3 - A simple scenario
http://www.adopenstatic.com/cs/blog...01/16/1054.aspx

IIS and Kerberos Part 4 - A simple delegation scenario
http://www.adopenstatic.com/cs/blog...01/27/1282.aspx

Cheers
Ken


"Ronald Ruijs" <ruijs@rvc.nl> wrote in message
news:uqG62PFqHHA.2044@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> For Kerberos authentication to work on Windows Server 2003/IIS 6 with IE 6
> client, does the w3svc service need to run under a domain account, or is
> Localsystem OK, too?
>
> My IIS does NTLM only, and I can't figure out why...
>
> Thanks,
>
> Ronald
>

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com