Hi,
We noticed that if we use IIS 5 (or 6) with Kerberos authentication by enabling "Integrated Windows Authentication" in IE and IIS settings - when a user is authenticated the REMOTE_USER HTTP header variable contains "domain\user" (NTLM format) instead of "[EMAIL PROTECTED]" (Kerberos format). We cannot reliably change domain\user into [EMAIL PROTECTED] in our code because there is not necessarily a 1:1 map between an NTLM format domain\user and the associated Kerberos principal name of the same user (due to case issues, aliases, how user account was configured in domain controller etc.). Does anybody know an easy way to solve this ? We are going to develop an ISAPI filter to meet our needs if nobody else has any better suggestions. Thanks, Tim. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
