sidebar ~ kerberos & v1

i’ve gotten a couple of questions lately about kerberos and v1. so i thought i’d put together some things that i’ve learned in my research on the topic.

this isn’t a lesson on kerberos, which means there is an assumption that if you’re interested in using kerberos, you’re up to speed to some degree.

so we’ll start with a couple of facts:

  1. versionone supports integrated windows authentication
  2. integrated windows authentication supports kerberos. yep, that does mean versionone and kerberos do play nicely together.

when installing versionone you will be asked to choose either versionone or windows integrated authentication mode. if you choose windows integrated authentication, versionone delegates authentication of the user requesting resources to iis. iis attempts to use the current user information on the client computer. since versionone is a web application, a web browser is the client application requesting resources from iis. i mention this to point out that most configuration issues will be either iis or the client web browser being used, assuming kerberos is working for other systems.

note: authentication is delegated to iis, authorization and access to project data is still managed within the versionone application. which means the member list is required and maintained by a versionone administrator within versionone.

so there you go… as quickly as possible i tried to provide enough info about kerberos and v1. for more details i will provide a few links that helped me. enjoy~

http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10/20/512.aspx
http://support.microsoft.com/kb/215383
http://support.microsoft.com/kb/326985
http://msdn.microsoft.com/en-us/library/ee825205(CS.10).aspx#cs_gs_security_zhsy
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true
http://gregjessup.com/firefox-kerberos-authentication-2/

This entry was posted in Agile Development. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>