Kerberos authentication

Kerberos authentication

am 06.06.2007 18:01:34 von Ronald Ruijs

Hi,

For Kerberos authentication to work on Windows Server 2003/IIS 6 with IE 6
client, does the w3svc service need to run under a domain account, or is
Localsystem OK, too?

My IIS does NTLM only, and I can't figure out why...

Thanks,

Ronald

Re: Kerberos authentication

am 07.06.2007 06:19:36 von Ken Schaefer

There is no need to run under a domain account. Network Service (or Local
Server, or LocalSystem) is fine. You just need to register the SPN under the
correct account.

IIS and Kerberos Part 1 - What is Kerberos and how does it work?
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10/19/ 512.aspx

IIS and Kerberos Part 2 - What are Service Principal Names?
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/11/19/ 606.aspx

IIS and Kerberos. Part 3 - A simple scenario
http://www.adopenstatic.com/cs/blogs/ken/archive/2007/01/16/ 1054.aspx

IIS and Kerberos Part 4 - A simple delegation scenario
http://www.adopenstatic.com/cs/blogs/ken/archive/2007/01/27/ 1282.aspx

Cheers
Ken


"Ronald Ruijs" wrote in message
news:uqG62PFqHHA.2044@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> For Kerberos authentication to work on Windows Server 2003/IIS 6 with IE 6
> client, does the w3svc service need to run under a domain account, or is
> Localsystem OK, too?
>
> My IIS does NTLM only, and I can't figure out why...
>
> Thanks,
>
> Ronald
>