Dears
While reading about the new features in Windows Server 2008 R2, i found this article about kerberos dilemma and how windows 2008 r2 might solved it.
http://technet.microsoft.com/en-us/library/dd367859(WS.10).aspx
In 2008 R2 server can kerberous be replaced by the "managed service account" or the "virtual account"
+11
+9
Is this something you've played around with at all? I think it would still have the double-hop issue if you are trying to retain the current user's credentials across environments, but I haven't experimented with it.
+4
If you take the "kerberos dilemma" to mean maintaining SPN's and user credentials then the answer would be "yes", otherwise "no" (tbyrne would be correct).
+5
What I have found in my experience is that the new functionality in 2008 R2 IIS applies to application pool accounts that aren't running as domain account. I typically always use domain accounts as service accounts/application pool accounts, so the Kerberos/SPN issue still applies.
+11
Thanks all for your contributions.
i thought there was some hope in leaving kerberous behind us and use a different approach for authentication
Reply
View our Community Site Map
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.