Forum Discussion

ecce's avatar
Icon for Cirrostratus rankCirrostratus
Nov 24, 2020

Kerberos client auth and Exchange profile

I'd like to do Kerberos auth of clients (where possible) and SSO to Exchange CAS servers. Today it's set up using Basic+NTLM auth. It works, but I would like to swap NTLM for Kerberos while we're setting up new CAS servers. I don't fully understand the purpose of the Exchange profile, what it exactly does and when. Looking though its settings, there is only Basic and NTLM to choose from for various URIs. For OWA as an example, I'd like to do client kerberos auth by creating an AP with a 401 basic+negotiate agent and following negotiate a Kerberos Auth agent. Would I set the owa options in the Exchange profile to "basic" and then the magic of the exchange profile kicks in when APM does a 401 Basic auth with the client, which hopefully never happens?


SSO is Kerberos and already set up and works.

No RepliesBe the first to reply