RE: form based auth using kerberos ?

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 30 Aug 2004 14:46:22 -0400

You would need a front-end/back-end solution IIRC.  The use of Kerberos
authentication occurs after you set integrated authentication, but you can't
do that for the anonymous users on the internet.  Hence, clear-text auth is
usually recommended.  

Have you checked out some of the docs on for some additional deployment
suggestions for this scenario?


-----Original Message-----
From: m1r4cle_26@xxxxxxxxx [mailto:m1r4cle_26@xxxxxxxxx] 
Sent: Sunday, August 29, 2004 11:09 PM
To: [ExchangeList]
Subject: [exchangelist] RE: form based auth using kerberos ?

Thank you to Paul & Al for the replies. 

So, from client browser, username & password are sent to exchange server in
clear (with SSL to secure them) and on behalf of the user, exchange will use
kerberos to authenticate the user to AD ?

What settings do I need to ensure this flow ?

When I set the authentication of exchange folder to basic authentication in
IIS, I see that the username & passwords are sent to exchange, but no
kerberos authentication between exchange & AD, there are many ldap requests
instead. If I set the authentication to integrated windows authentication,
the client browser sends AS-REQ & TGS-REQ directly to AD, which is not how
it supposed to work right ?

I only have 1 exchange server, so no front end / back end configuration.
How can I configure exchange server to use kerberos authentication to AD ?


Other related posts: