I have a multi-tier applicaiton that resides in the resouce forest where the Webpage in tier 1 needs to use Kerberos Delegation of authentication to
connect to an applicaiton server in tier 2 in that same resource forrest. The web identity and the applicaiton identity are both operating as named account that also reside in the resource forest. Now when a normal every day user account needs to interact with this 3 tier app, it does so with a user account that resides in the Account Forest that is trusted by the resource forest. Can this delegation of authentication happen in the application given that the user account to be delegated is not only in a seperate forest but only has a 1 way forest trust. I know for 100% that this is not possible in a basic W2K forest. I thought this was not the case even in W2K3 without a 2 way trust but the more I research and read the more I am not sure about that. But I would love to find someone that has done this or knows for sure. I am begning to postulate that with a W2K3 native mode, and a forest trust the rules may have changed and that it is possible, but again I am not sure. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
