[19554] in Kerberos


Win2k Kerberos authentication through a web proxy

daemon@ATHENA.MIT.EDU (Ange)
Fri Jul 11 07:34:58 2003

From: garbage@random.net.nz (Ange)
Date: 11 Jul 2003 03:48:35 -0700
Message-ID: <37a80e7d.0307110248.13040a53@posting.google.com>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu

Hi All,
Has anyone had any success using Windows 2000 Kerberos authenticated
web applications through proxy servers?  I have the following
situation:

Web App Server: Win2k IIS set to authenticate requests via "Windows
Integrated Authentication Only".  The IIS Metabase has been set to
only allow Kerberos authentication, not NTLM.

Client: Internet Explorer 6.  

Problem: The authentication works fine without a proxy, but if IE is
set to use a proxy it simply gives an HTTP 401 Unauthorised response.

If I get the proxy to add the HTTP header line ->
Proxy-Support: Session-Based-Authentication to each response I get
slightly further, in that I can get IE to respond to IIS's initial 401
with a new request with an Authorisation header.  But then IIS
responds with another 401 and IE displays a "Page can not be
Displayed" error.  I'm assuming that the Proxy-Support header is
really only intended for use with NTLM, not Kerberos(?).

Any thoughts appreciated.

GAR
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
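
When debugging a setup like the one described in this post, one useful check is to look at which mechanism the browser actually put in the token it sends back after the first 401. The following is an added example, not part of the original message: the function name and both sample headers are constructed for illustration, and the classifier only inspects the leading bytes of the token.

```python
import base64

# DER-encoded mechanism OIDs as they appear near the start of a GSS-API token.
MECH_OIDS = {
    bytes.fromhex("06062b0601050502"): "SPNEGO",
    bytes.fromhex("06092a864886f712010202"): "Kerberos 5",
    bytes.fromhex("06092a864882f712010202"): "Kerberos 5 (legacy Microsoft OID)",
    bytes.fromhex("060a2b06010401823702020a"): "NTLMSSP",
}

def classify_auth_header(value):
    """Classify the value of an Authorization or WWW-Authenticate header."""
    parts = value.strip().split(None, 1)
    if not parts or parts[0].lower() not in ("negotiate", "ntlm"):
        return "not Negotiate/NTLM"
    if len(parts) == 1:
        return "bare challenge, no token"
    try:
        token = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "token is not valid base64"
    if token.startswith(b"NTLMSSP\x00"):
        return "raw NTLM message"
    if token[:1] != b"\x60":  # 0x60 opens a GSS-API initial context token
        return "unrecognised token"
    head = token[:64]  # mechanism OIDs sit in the first bytes; skip the ciphertext
    hits = sorted((head.find(oid), name) for oid, name in MECH_OIDS.items() if oid in head)
    return "GSS-API: " + ", ".join(name for _, name in hits) if hits else "GSS-API: unknown mechanism"

# Constructed sample values (not captured traffic; length bytes are arbitrary).
SAMPLE_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00" + bytes(8)).decode()
SAMPLE_KRB = "Negotiate " + base64.b64encode(
    bytes.fromhex("60820100" "06062b0601050502" "a0303028a0183016"
                  "06092a864882f712010202" "06092a864886f712010202") + bytes(32)
).decode()

if __name__ == "__main__":
    for header in ("Negotiate", SAMPLE_NTLM, SAMPLE_KRB):
        print(classify_auth_header(header))
```

A "raw NTLM message" result on a server that accepts only Kerberos means the client never obtained a service ticket, which points the investigation at the client and KDC side rather than at the proxy's header handling.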
