RE: form based auth using kerberos ?

  • From: m1r4cle_26@xxxxxxxxx
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Tue, 31 Aug 2004 05:52:26 -0600

> You would need a front-end/back-end solution IIRC.  The use of Kerberos
> authentication occurs after you set integrated authentication, but you can't
> do that for the anonymous users on the internet.  Hence, clear-text auth is
> usually recommended.  
Yes, I agree. I have to use basic authentication with SSL enabled between
browser and exchange.
> Have you checked out some of the docs on
> for some additional deployment
> suggestions for this scenario?

As suggested, I have read some docs in the microsoft library.
Kerberos auth is used by front-end to send user cred to back-end to get
the mailbox, but front end still needs to authenticate user to AD, and so
does back end. so the flow will be:
front end -- ? --> AD
front end -- kerberos --> back end
back end -- ? --> AD
(based on article:

From the net, I can only know that RPC call is used for communication from
front end to AD. But how does the user authentication process work
actually ?
I'm still clueless about the "? protocol" used here. What is the default ?
Can I use kerberos ?

So if my understanding is right, even using FE/BE won't guarantee that I
can authenticate users using kerberos, right ?

If kerberos can't work with form based auth, what about non form-based
auth, can exchange uses kerberos to authenticate user to AD ?

once again, thanks for your help

Other related posts: