Some questions on IIS on Windows 2008
Michael McMahon
Michael.McMahon at Sun.COM
Tue Jan 19 01:45:46 PST 2010
Max (Weijun) Wang wrote:
> Hi All
>
> I've just installed a Windows 2008 system with IIS, and find something
> confusing:
>
> 1. What does "Enable Kernel-mode authentication" mean?
>
> When it's turned on, I can successfully authenticate using NTLM. When
> it's off, the three NTLM packets looks fine, but the server does not
> return 200 OK. In fact, it simply restarts the authentication process
> with headers just like the initial response.
>
It seems to be something to do with the way they IIS gets hold of the
authentication credentials
from the OS. There's a brief note on it here:
http://technet.microsoft.com/en-us/library/cc771945.aspx
> 2. Kerberos (or SPNEGO) does not work?
>
> I've configured the client to create a SPNEGO initial token and sent
> it to the server, the server returns neither OK nor an error token,
> again, it simply restarts the authentication process with headers just
> like the initial response.
>
They seem to have introduced a new extension of SPNEGO called NEGOEX. Is
it possible
this mechanism is in use, instead of the old spnego?
- Michael
More information about the net-dev
mailing list