Yi wrote: > I have NetIDMgr.exe running on my machine, but it is not prompting for > any credential. I am testing ticket forwarding capability wih my > program, by invoking it via CGI from a web browser client. So it is > possible that process cannot communicate with NetIDMgr.exe. > > I checked the UserID of that process, and it did return the right user > name of the requesting client. It seems the web browser ( IE ) doesn't > send a forwardable ticket to the web server ( Microsoft IIS), or the > web server doesn't imperonate the user properly, thus the invoked > process doesn't really have the credential of the requesting user and > must obtain a new one on the spot. > > So my question really should be: how can I pass the credential of the > requesting client to the CGI program? I guess it is more an issue of > the web server than of GSSAPI library. > > Thanks.
Microsoft applications such as Internet Explorer and IIS do not use the MIT libraries at all. Therefore, none of the MIT tools will be involved in the discussion. Assuming that Internet Explorer is forwarding the credential to IIS, the only way the credential can be used is by requesting impersonation within the IIS thread which kicks off the CGI. The MIT GSSAPI libraries will not be involved in this. A better forum to ask your question might be the microsoft.public.platformsdk.security newsgroup. Jeffrey Altman ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos