You would need a front-end/back-end solution IIRC. The use of Kerberos authentication occurs after you set integrated authentication, but you can't do that for the anonymous users on the internet. Hence, clear-text auth is usually recommended. Have you checked out some of the docs on http://www.microsoft.com/exchange/library for some additional deployment suggestions for this scenario? Al -----Original Message----- From: m1r4cle_26@xxxxxxxxx [mailto:m1r4cle_26@xxxxxxxxx] Sent: Sunday, August 29, 2004 11:09 PM To: [ExchangeList] Subject: [exchangelist] RE: form based auth using kerberos ? http://www.MSExchange.org/ Thank you to Paul & Al for the replies. So, from client browser, username & password are sent to exchange server in clear (with SSL to secure them) and on behalf of the user, exchange will use kerberos to authenticate the user to AD ? What settings do I need to ensure this flow ? When I set the authentication of exchange folder to basic authentication in IIS, I see that the username & passwords are sent to exchange, but no kerberos authentication between exchange & AD, there are many ldap requests instead. If I set the authentication to integrated windows authentication, the client browser sends AS-REQ & TGS-REQ directly to AD, which is not how it supposed to work right ? I only have 1 exchange server, so no front end / back end configuration. How can I configure exchange server to use kerberos authentication to AD ? thanks