> You would need a front-end/back-end solution IIRC. The use of Kerberos > authentication occurs after you set integrated authentication, but you can't > do that for the anonymous users on the internet. Hence, clear-text auth is > usually recommended. Yes, I agree. I have to use basic authentication with SSL enabled between browser and exchange. > Have you checked out some of the docs on > http://www.microsoft.com/exchange/library for some additional deployment > suggestions for this scenario? As suggested, I have read some docs in the microsoft library. Kerberos auth is used by front-end to send user cred to back-end to get the mailbox, but front end still needs to authenticate user to AD, and so does back end. so the flow will be: front end -- ? --> AD front end -- kerberos --> back end back end -- ? --> AD (based on article: http://www.winnetmag.com/Article/ArticleID/40371/40371.html) From the net, I can only know that RPC call is used for communication from front end to AD. But how does the user authentication process work actually ? I'm still clueless about the "? protocol" used here. What is the default ? Can I use kerberos ? So if my understanding is right, even using FE/BE won't guarantee that I can authenticate users using kerberos, right ? If kerberos can't work with form based auth, what about non form-based auth, can exchange uses kerberos to authenticate user to AD ? once again, thanks for your help lara