Re: kerberos logon to IP address
- From: "Ondrej Sevecek" <ondass@xxxxxxxxxxxxxxxx>
- Date: Sat, 24 Jan 2009 11:14:39 +0100
I am sory to be this impolite, but would you be able to help me with this issue?
The question can be shortened to something simple like this:
"Vista will never use kerberos for servers (at least http, smb/cifs) whos name is specified by an IP address, is that right?
"And if it would use Kerberos, how one could make Vista use it apart creating the SPN and making it member of Local Intranet zone?"
many thanks and appologies for the rudeness.
"Mervyn Zhang [MSFT]" <v-mervzh@xxxxxxxxxxxxxxxxxxxx> wrote in message news:LBahzfreJHA.8120@xxxxxxxxxxxxxxxxxxxxxxxxx
Thank you for posting.
According to your description, I understand that:
Vista would not use Kerberos against an IP address even if you have created
SPN for the IP address.
If I have misunderstood the problem, please don't hesitate to let me know.
I would like to explain that Service principal names (SPNs) are unique
identifiers for services running on servers. Every service that uses
Kerberos authentication needs to have an SPN set for it so that clients can
identify the service on the network. Could you let us know how do you
create SPN for the IP address?
Also, what do you mean by "Vista is NOT willing to use Kerberos against an
There are some Kerberos Enhancements in Vista but these enhancements should
not affect the work of Kerberos. For more information about those changes,
please refer to the article below:
Could you let us know where did you find that Windows XP try to generate a
ticket for IP address? Did you use the tool "Klist"? If there is any log,
report, it?s very helpful. A screenshot is better for troubleshooting.
You can send log file or screenshot to tfwst@xxxxxxxxxxxxxx Or please use
Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file
and then give me the download address.
Microsoft Online Community Support
This posting is provided "AS IS" with no warranties, and confers no rights.
- Prev by Date: Re: highjacked?
- Next by Date: post
- Previous by thread: Re: kerberos logon to IP address
- Next by thread: CredSSP and kerberos credentials delegation