Delegating with Kerberos and host headers

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Delegating with Kerberos and host headers

Last Thread Next Thread Next

Delegating with Kerberos and host headers

Stig Johansen

02-26-04 02:34 PM

We have two Web servers, w1.domain and w2.domain, that now
both have been set up successfully to use Kerberos
authentication. This also works with a common host header
name, c1.domain, for the both these servers. This was
resolved by using the setspn utility to add HTTP/c1.domain
for both the Web servers to AD.

An ASP.NET application running on both these servers uses
delegation (w1 and w2 set to Trust to delegate in AD) to
open a folder structure on a third server. This works fine
if you connect to w1.domain/app or w2.domain/app.

But it does still fail to delegate using the host header
name. So connecting with c1.domain/app fails with an
access denied error on the remote server.

Any ideas why delegation does not work here?

Thx,
Stig

[ Post a follow-up to this message ]

Most Popular forums

Apache Server	MySQL for Windows	Sendmail
Red Hat Networking	SuSe Linux	Debian Linux
FreeBSD administration	Sun Solaris administration	Unix Shell programming
WebSphere Portal Server	Exchange 2000 administration	PostgreSQL administration
Linux Security	Computer Security	Firewalls

Forum Jump:

Forum Rules:

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF

Medical and Health forum | Computer Games Reviews | Graphics design forum

Automated OffSite Backup	Shopping Cart Software
RAM Memory Upgrades

Syndicate this forum via XML or simple JavaScript feed

Home | Usercp | Faq | Register