[36545] in Kerberos
Question on Kerberos SSO with MS-PKCA (Microsoft's implementation
daemon@ATHENA.MIT.EDU (GK)
Tue Oct 14 11:50:31 2014
Date: Tue, 14 Oct 2014 04:12:31 -0700 (PDT)
From: GK <girishkmr@gmail.com>
To: kerberos@mit.edu
Message-ID: <1413285150948-41721.post@n3.nabble.com>

I am working on enabling Kerberos-based SSO (with PKI used for initial
authentication) in our test environment.

The domain controller is Windows Server 2008 R2, the accessed resources are
a few web applications hosted on IIS on a Server 2008 R2 machine, and the
resource client is a Windows 7 machine, on which the user accesses the web
applications via a browser.

Currently I have enabled Kerberos-based user authentication in IIS (where
the web applications are hosted) and it is working fine (I can see all the
Kerberos transactions in Network Monitor).

However, my actual requirement is to achieve the same using X.509 (identity)
certificates installed on iOS devices: when a user with an identity
certificate installed on the device accesses these sites from within the
device, they should be let in without being prompted for a user name and
password (Kerberos-based authentication with certificate (X.509) based
pre-authentication).

I have been trying to configure this in my environment but with no success.
Most searches on the web end up at integrating MIT Kerberos (based on Linux)
with MS AD with PKINIT, but I am looking for a way to achieve the same thing
in a Windows environment.

Recently I came across the link below,
http://msdn.microsoft.com/en-in/library/cc238455.aspx
which clearly says this PKI-based initial authentication is available with
MS-PKCA (Microsoft's implementation of PKINIT).
Then again, it's a developer document and it gives only technical details.

How do I implement MS-PKCA-based Kerberos in a Windows environment?
Is my scenario practically achievable in a complete Windows environment?

Can anyone please help me with this?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos