I think I say little more for undestanding me. For example, IIS has virtual folder "secure" with some security settings and file that have filesystem security settings (NTFS). I want file from IIS: http(s)://localhost/secure/securedfile, browser redirect me on weblogin, after login with Kerberos authentication browser redirect me back to http(s)://localhost/secure/securedfile. After, Cosign ask me password once again?
-----Original Message----- From: Jarod Malestein [mailto:[EMAIL PROTECTED] Sent: Thursday, April 10, 2008 8:09 PM To: Bliznets Roman Cc: [email protected] Subject: Re: [Cosign-discuss] cosign and IIS, windows based authentication The short answer is no. The user's Kerberos principal, for the IIS filter, is put in the HTTP_REMOTE_USER server variable and their Kerberos realm is the first COSIGN_FACTOR space-delimited string (or the HTTP_REMOTE_REALM value). The IIS filter is also able to retrieve and store a Kerberos TGT from the central weblogin server. The path to the stored ticket is in the server variable KRB5CCPATH. The IIS filter itself does not create any sort of Windows token. It certainly would be fantastic if the IIS filter did do this, though. Ideally, the IIS filter would take the user's Kerberos ticket and use that to create some sort of Windows-specific Kerberos credentials, then convince the IIS process to use that token. Jarod On Apr 10, 2008, at 1:46 AM, Bliznets Roman wrote: > Hi, > > > > I have win2003 with Active Directory. As I know cosign support > Kerberos, Can cosign authenicate me on IIS as windows based user? > > > > Thanks in advance. > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save > $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http:// > java.sun.com/javaone_______________________________________________ > Cosign-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
