How does client browser know which KDC to send request to get ticket? | ansaurus

tags:

views:

31

answers:

1

+2 Q:

How does client browser know which KDC to send request to get ticket?

Hi,

Environment: SharePoint & Kerberos

Can someone explain how does client browser know which KDC to send request to get ticket in step 3 below: 1. The user types in a URL in the Internet Explorer (e. g. http://intranet.domain.local) 2. The client browser constructs the SPN, which contains a name of the host and the service type (SPN: http/intranet.domain.local – Service type: HTTP Name: intranet.domain.local) 3. The client sends a request to the KDC to get a ticket for this SPN

Note that domain.local is not KDC server host name.

Thanks in advance, Frank

+1 A:

The algorithm goes pretty much like this:

Fist the request is sent to which domain controller you client is communicating
If request fails the client queries DNS for SRV recrord containg _kerberos._udp. DnsDomainName . See http://technet.microsoft.com/en-us/library/cc961719.aspx for details. If your DNS server is Active directory you pretty much will get them for free. If not you would have to set them up yourself.

Vlad 2010-08-13 20:13:52

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?

Webpart registration error in event log

Sharepoint COMException 0x81020037

Transactional Design Pattern

Deploying InfoPath forms to different SharePoint servers

Profiling/Optimizing (Sharepoint 2007) Web Parts

Retreiving the PC Name of a Client? (Windows Auth)

What's the best way to report errors from a SharePoint workflow?

How to get out parameters working in SharePoint workflows

Editing User Profile w/ Forms Authentication

WSS/MOSS Book

Creating a development environment for SharePoint.

Sharepoint Wikis

Have you used a wiki in your project or group?

Can I copy files to a Network Place from a script or the command line?

How do you deploy your SharePoint solutions?

SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)

SharePoint - Connection String dialog box during FeatureActivated event

How can I improve the edit-compile-test loop when developing a SharePoint workflow?

Best ajax library for Sharepoint

Alternative Hostname for an IIS web site for internal access only

How to reference to multiple version assembly

MOSS SSP problem - Failed database logons from deleted SSP

Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights

Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?