Delegating with Kerberos and host headers
From: Stig Johansen (anonymous_at_discussions.microsoft.com)
Date: 02/26/04
- Next message: Tom Kaminski [MVP]: "Re: IIS 5.1, Anonymous Browsing & FP Secured Publishing"
- Previous message: Tom Kaminski [MVP]: "Re: Special Directories"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Feb 2004 05:55:52 -0800
We have two Web servers, w1.domain and w2.domain, that now
both have been set up successfully to use Kerberos
authentication. This also works with a common host header
name, c1.domain, for the both these servers. This was
resolved by using the setspn utility to add HTTP/c1.domain
for both the Web servers to AD.
An ASP.NET application running on both these servers uses
delegation (w1 and w2 set to Trust to delegate in AD) to
open a folder structure on a third server. This works fine
if you connect to w1.domain/app or w2.domain/app.
But it does still fail to delegate using the host header
name. So connecting with c1.domain/app fails with an
access denied error on the remote server.
Any ideas why delegation does not work here?
Thx,
Stig
- Next message: Tom Kaminski [MVP]: "Re: IIS 5.1, Anonymous Browsing & FP Secured Publishing"
- Previous message: Tom Kaminski [MVP]: "Re: Special Directories"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
