I've got server with w2k8 and IIS7 in one domain and keytab from some other foreign domain (no trusts). Is it possible to enable Windows Authentification (SPNEGO/Kerberos) to auth users in Web Application from the those foreign domain?
SPNEGO/Kerberos in IIS with foreign domain keytab
997 views Asked by Vladimir Kravets At
1
There are 1 answers
Related Questions in IIS
- error 500 on IIS FastCGI but no clue despite multiple error loggings activated
- IIS Rewrite Module exclude bots but allow GoogleBot
- How to deploy angular 17 SSR into IIS
- IIS web site with httpplatformhandler on specific route does not redirect to the nextjs site
- Why is 'EDITBIN /STACK:2097152 w3wp.exe' cmd is giving me an LNK1342 error?
- Primeng Angular styles on subdomain don't work
- Apps migrated from IIS server1 to another IIS server2 stopped communicating with an App on IIS server 1 via SSL (HTTPS)
- How to authenticate with REST API service on IIS using pass-through authentication in Python?
- ASP.NET Core 8 is missing from application pool selection after install
- Azure Application Gateway ByPass
- SSL certificate is installed on iis and website but in browser is unknown
- Redirect to another site but show the original URL in browser
- Problem in hosting React App with react-router-dom on IIS Server
- Django Channels on IIS
- ASP.NET Core/Angular17 application files does not load when published in IIS
Related Questions in WINDOWS-AUTHENTICATION
- Blazor WebAssembly with API protected with Windows authentication
- Web API works with Windows authentication enabled when consumed via Swagger but throws an unauthorized issue when accessed through web app
- AspNetCore WebApp not passing users windows credentials to API
- How can I run my C# app using a SQLConnection to SQL Server with Windows Authentication in a PC not joined to domain?
- .Net SqlConnection class with Windows authentication
- Cannot authenticate to IIS using win auth and dotnet 6
- SQL windows authentication fails sort of
- Why doesn't my visual studio asp.net core web application recognise my windows account when running the project
- .NET core 7 windows authentication exception when deployed
- Unable to connect to SQL Server using windows authentication mode through PowerShell
- SharePoint Online : Tokens and Mutli Factor Authentication in a WinForms App
- Windows Authentication in New Dotnet SPA Templates (React + Vite)
- ASP.NET (Blazor): Trigger windows authentication popup only on a single page
- How to configure ClaimTransformer for CoreWCF with TCP endpoints?
- Kerberos ticket has wrong impersonationlevel after the calling application upgraded from .NET 4.7
Related Questions in KERBEROS
- Jndi connect to LDAP by GssApi KrbException: Server not found in Kerberos database (7)
- Kerberos Authentication for an API
- SASL GSSAPI: ldap_sasl_interactive_bind : Other error (80) no credentials supplied
- SQL Server Kerberos authentication
- How do I obtain a user's domain in nginx during authentication through AD with Kerberos?
- Kerberos ticket validity
- Unable to create Kafka Consumer using Kerberos Authentication System
- Does DataGrip Support Postgres Authentication with Kerberos?
- Setting up SOLR authentication kerebos plugin
- Authenticating and transferring files to the shared drive using Kerberos auth via SMB in Python
- Resolving Kerberos vs NTLM Authentication Issue in Cross-Domain SQL Server Connection
- Git clone failed with Krb5LoginModule error - JNA Library
- SPNEGO/GSS-API Golang packages for Kerberos authentication on MacOS
- VBA MSXML2.ServerXMLHTTP60 Web Request with Kerberos Authentication
- Deserializing a Kerberos Token
Related Questions in KEYTAB
- Kerberos Keytab: Getting error while creating keytab for MSA on Active Directory
- Python Code Connecting to Hadoop Hive Kerberos Keytab through watson studio
- gokrb5 keytab file: Decrypting_Error: error decrypting EncPart of AS_REP
- Storage of SALT in Active Directory / Configure SSO for SAP HANA
- Running a Windows keytab without domain admin privileges
- How to fix "Key for the principal <principal user> not available in <keytab file>" in Java 18 Spring Boot
- Kerberos authentication. Keytab and ticket
- Memsql connection via keytab
- Client Java program to reach internet through proxy using kerberos/Keytab authentication
- Kerberos keytab file generation error: "Failed to set property 'servicePrincipalName' / Warning: Unable to set SPN mapping data"
- How to create keytab file via LDAP?
- google dataproc jobs submit with local keyTab / ticketCache file
- How can I provide my password to OpenJDK's ktab.exe if my password has a space in it?
- Getting basic authentication box appear when trying SSO (Websphere/keytabs)
- Can contents of Keytab file be stored and used from Azure Key vault?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
It's theoretically possible, but the logistics of making it work are next to impossible to implement.
I've no idea if IIS supports this or not, but it is possible in the kerberos API to say "try to decrypt this response using every key in the keytab". In theory, this can be used with keys from remote realms, although I've never seen code attempt it.
However, the problem is the client needs to decide the realm and principal to use to make the request based on information outside the protocol. Thus you'd need to somehow tell all the web clients from the remote domain to use the remote domain when contacting the webserver in the w2k8 domain. You can do this with krb5.conf on unix machines, but it would require a custom krb5.conf on every client using identities from the remote realm.
In general, kerberos will only work across multiple realms if there is some kind of cross realm trust enabled.