[29300] in Kerberos


Re: IIS refuse un-preauth-ed tickets?

daemon@ATHENA.MIT.EDU (John Washington)
Tue Feb 19 12:11:49 2008

Date: Tue, 19 Feb 2008 11:11:11 -0600
From: John Washington <jawashin@uiuc.edu>
To: kerberos@mit.edu
Message-ID: <20080219171111.GE26751@localhost>
In-Reply-To: <806d909c-eb80-4001-b466-124a94834452@d21g2000prf.googlegroups.com>

There is a requirement that preauth'ed service accounts (which IIS would
have) only accept preauthed tickets.

* Speedo <speedogoo@gmail.com> [2008-02-19 10:32]:
> Sorry to post into 2 groups.
>
> I have a Java application using Kerberos to talk to IIS on a Windows
> domain. First I call java's kinit and then use the acquired initial
> TGT to connect to IIS with JGSS. When the initial ticket is
> pre-authed, I can get the web content. However, if I set the user account
> as "do not require preauth" and acquire such an un-preauth-ed initial
> TGT, and then get a service ticket for IIS using this TGT, it seems
> this ticket cannot be used to retrieve pages from IIS (using SPNEGO).
> Is this a designed feature?
>
> Thanks
> Speedo
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 
John Washington       Security Officer,
University of Illinois Urbana-Champaign


