"Burruss, Dante M" wrote: > > I have a question, If SSPI using Kerberos protocol service installed on a > remote server (Window NT), in order for tickets from the client desktop to > be interpret by the KDC and authentification to take place the on the server > the client (desktop) must also have kerberos (client software) installed on > there computer? If this is true, what happens if you install SSPI on remote > server and a client try's to access the server and client don't have > kerberos installed on there system? > > I have a website where I need to authenticate using ASP and I need to get > the client public token for authentification. I need to fully understand how > to use Kerberos and install software.
The SSPI was introduced in NT 3 or 4, but did not use Kerberos. Kerberos was introduced in W2K. Kerberos is used for authentication within the Windows Domain. So your Active directory login is actually obtaining Kerberos tickets. IE and IIS when used within the domain can use SSPI to authenticate the web connection. So for your browser to access the web site, the client and the web server must be in the same domain or the domains must have a trust relationship. The SSPI when using Kerberos can interoperate with a UNIX machine which is using the Kerberos GSSAPI. This has some great promise for being able to extend the usefulness of the web authentication used between IE and IIS to other browsers and servers on non Windows machines. There may be some working being done on this. (Its early in the morning, so this might not be exactly correct, and others might have a better explanation.) > > Your response will greatly be appreciated. > > Thanks > > Dante M Burruss > Department of State > 703-875-4077 > Unclassified > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
