Re: Kerberos with Windows Integrated authentication

---

• From: "Peter Foldes" <xxxx@xxxxxxxxx>
• Date: Sat, 3 Jan 2009 20:56:11 -0500

---

I am using OE as the newsreader. If I put in server.security in the newsgroups search field then the group pops up for me.
As far as the OP goes ,he posted there and got his reply and was happy. I never assumed that you do not know what you are talking about but on the contrary I do know that you do. I was simply pointing out that the newsgroup is accessible by going through the Web ady. I was assuming that the OP is not using a newsreader since he posted through that awful Web Interface and I gave him a direct access to the correct newsgroup
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx> wrote in message news:utZfsHgbJHA.4480@xxxxxxxxxxxxxxxxxxxxxxx

I did look, and I wasn't able to 'navigate' there on that webpage.
It is however possible to use the 'search' function on that page to
access that group.

I posted the other webpage because I was able to 'navigate' to
the group you posted - just in case he would rather 'navigate'
than 'search'.

Did you look at the format for navigating on the page I posted,
or did you just assume I didn't know what I was talking about?

Navigating on the page he uses (given the actual newsgroup name)
is awkward - the page I posted is more straightforward.

"Peter Foldes" <xxxx@xxxxxxxxx> wrote in message news:etve3FbbJHA.4380@xxxxxxxxxxxxxxxxxxxxxxx

You need to look. He did already post there as per my link and that newsgroup (microsoft.public.windows.server.security) is violable and busy. And his issue with Kerberos belongs there in the server.security group

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx> wrote in message news:em76obSbJHA.2620@xxxxxxxxxxxxxxxxxxxxxxx

general security discussions = microsoft.public.security?
...and I don't see microsoft.public.windows.server.security
anywhere.

Maybe it would be better for you here:

http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?guid=1A61081E-1F66-5F7F-B5BA-04767E55A63B

"lobezno" <lobezno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:63ECC57E-6864-4D13-8D6C-B12C45B089B2@xxxxxxxxxxxxxxxx

OK. I do it, but one question. Wich group is this??
I'm in: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
then, I select "english\servers\windows server\security\security general"

Why it's wrong??? you URL has different contents, it's true, but I don't
know, in wich group I am.

Thanks.

"Peter Foldes" wrote:

lobezno

You need to repost this to the following newsgroup. This is the wrong newsgroup for
this.The newsgroup is windows.server.security

On the web:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.windows.server.security


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"lobezno" <lobezno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC6F4478-063D-431B-930E-CFEA98BE89E3@xxxxxxxxxxxxxxxx
> Hi,
> I need help with Kerberos and Windows integrated security.
>
> My system is:
> All the servers and clients are in the same domain with the same OS: windows
> server 2003 Enterprise R2 SP2
> Domain controller, IIS, Client.
> Intenet Explorer 6 Sp2
>
> I open IE 6 and request a page. The resource is protected (using Windows
> Integrated Authentication, with no anonymous allowed). Login screen prompt
> me. I put
>
> a valid login and pwd, and I get the page. This is the secuence:
> ----------
> GET /home/home.aspx HTTP/1.1\r\n
> HTTP/1.1 401 Unauthorized\r\n
>
> Kerberos AS-REQ
> Kerberos AS-REP
> Kerberos TGS-REQ
> Kerberos TGS-REP
>
> GET /home/home.aspx HTTP/1.1\r\n
> [truncated] Authorization: Negotiate YIIEnQYGKw......
>
> HTTP/1.1 200 OK\r\n
> [truncated] WWW-Authenticate: Negotiate oYGfMIGcoA......
> ----------
>
> Question 1: in the OK response, How IIS server generates the
> WWW-Authenticate header? I thought that It should be the same value that
> client sends to server
>
> in his Authorizaztion header.
>
> Let's follow. I press F5 and reload the page. Obiously I don't need to put
> my login/pwd again and I get the same page. This is the secuence:
> ----------
> GET /home/home.aspx HTTP/1.1\r\n
> HTTP/1.1 401 Unauthorized\r\n
>
> Kerberos AS-REQ
> Kerberos AS-REP
> Kerberos TGS-REQ
> Kerberos TGS-REP
>
> Question 2: Why next request, has not a Authorization header and reuse the
> token? Why it needs to get a new ticket from KDC??
>
> GET /home/home.aspx HTTP/1.1\r\n
> [truncated] Authorization: Negotiate YIIEnQYGKw......
>
> HTTP/1.1 200 OK\r\n
> [truncated] WWW-Authenticate: Negotiate oYGfMIGcoA......
>
> Question 3: Last request/response, has the same headers values than first.
> It seems that client "reuse" the ticket. But, if this it's true, Why it > needs
> (AS
>
> -REQ, AS-REP, TGS-REQ, TGS-REP) cycle again?? Why when I press F5, the
> client request is not directly:
> GET /home/home.aspx HTTP/1.1\r\n
> [truncated] Authorization: Negotiate YIIEnQYGKw......
> ----------
>
> Any help will be gratefully.
> Thanks a lot.

.

---

• Follow-Ups:
  • Re: Kerberos with Windows Integrated authentication
    • From: FromTheRafters

• References:
  • Kerberos with Windows Integrated authentication
    • From: lobezno
  • Re: Kerberos with Windows Integrated authentication
    • From: Peter Foldes
  • Re: Kerberos with Windows Integrated authentication
    • From: lobezno
  • Re: Kerberos with Windows Integrated authentication
    • From: FromTheRafters
  • Re: Kerberos with Windows Integrated authentication
    • From: Peter Foldes
  • Re: Kerberos with Windows Integrated authentication
    • From: FromTheRafters

• Prev by Date: Re: Is this real??
• Next by Date: Re: Kerberos with Windows Integrated authentication
• Previous by thread: Re: Kerberos with Windows Integrated authentication
• Next by thread: Re: Kerberos with Windows Integrated authentication
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Citrix/ISA ... Microsoft CSS Online Newsgroup Support ... |> server" will not affect your Web proxy functionality. ... |> requests from firewall client and SecureNAT client will not be able to ... |> HTTP redirector filter is used to grab the HTTP/HTTPS/FTP requests from ... (microsoft.public.windows.server.sbs) RE: Critical Errors in System Log ... I look forward to working with you in this Newsgroup ... Microsoft CSS Online Newsgroup Support ... | EventID: 4 Source: Kerberos ... | The kerberos client received a KRB_AP_ERR_MODIFIED error from the server ... (microsoft.public.windows.server.sbs) RE: Kerberos And Wan (slow login) ... Kerberos Autentication and the problem is solved. ... SBS and remote site and the event 672 appears in Security Event when you ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) Re: Kerberos with Windows Integrated authentication ... You need to repost this to the following newsgroup. ... I need help with Kerberos and Windows integrated security. ... Domain controller, IIS, Client. ... has not a Authorization header and reuse the ... (microsoft.public.security) Re: Kerberos with Windows Integrated authentication ... He did already post there as per my link and that newsgroup is violable and busy. ... And his issue with Kerberos belongs there in the server.security group ... > Domain controller, IIS, Client. ... > I open IE 6 and request a page. ... (microsoft.public.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2009-01