Auth Type restriction for CredentialCache clss
Engr
'Basic', 'Digest', 'Negotiate', or 'Kerberos'. Two questions
a. If we set it to Kerberos, does it mean that it will use only Kerberos and
not other registered authentication?
b. Is there a way to ensure that it uses only Kerberos and doesn't fall down
to NTLM or other ways of authentication? We want the connection to fail if
Kerberos is not available.
Engr
Joe Kaplan
you got Kerb and false if you got NTLM.
You should probably just use Negotiate in your Add method if you use
anything as Negotiate is what is going to be used.
I don't think you can do anything to prevent the server from selecting NTLM
if Kerb is not available but you should at least be able to detect it and
error on the client side.
I assume you need the server to be able to delegate the client's credentials
or this would not matter too much.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Engr" <en...@tydd.com> wrote in message
news:O4l8mKaX...@TK2MSFTNGP02.phx.gbl...
Engr
Many thanks for your reply. Your suggestion to check IsMutuallyAuthenticated
might solve our problem. Is this a property of NegotiateStream class?
Thanks.
Engr.
"Joe Kaplan" <joseph....@removethis.accenture.com> wrote in message
news:O6p%23r3pXK...@TK2MSFTNGP02.phx.gbl...
Joe Kaplan
and not just raw sockets, but you can use either with Negotiate auth and
still get the same info.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Engr" <en...@tydd.com> wrote in message
news:OKpu6M2X...@TK2MSFTNGP04.phx.gbl...