Compartilhar via


Kerberos 인증을 통한 인터넷 익스플로러 동작

???? : Internet Explorer behaviors with Kerberos Authentication

https://blogs.technet.com/askds/archive/2009/06/22/internet-explorer-behaviors-with-kerberos-authentication.aspx

?????? ?(Rob)???. ??? ????? Kerberos ??? ??? ??? ?? ????? ???.

??? ?????? ?? ??? Kerberos ??? ?? ??? ???? ?? ???? ??? ??? ?? ???? ???? ???. ????? ? ??? ?? ?????? Kerberos ??? ???? ??? ???? ??? ????.

???? 1 : ????? 80/443? ?? TCP/IP ??? ???? ?? ??

? ?? ??:

l Webserver1? ? ??? ???? ??? ?? IIS ???? ????.

l Website1? NetworkService? ??? ?? ???? ? ???? ?????.

l Website2? ??? ??? ??? ??? ?? ???? ? ???? ?????.

l website2? 8080 ??? ????? ???? ????.

l ??? SPN? website2 ?? ???? ? ??? ???? ????.

m http/webserver1.contoso.com:8080

m http/webserver1:8080

? ?????? ??? ? ???? ?? ??? ??? ?? ??? ??? ? ????? ? ? ????. SPN(Service Principal Name)? ??? ? ???? ??? ???? ?? ????, ??? ??? ? ?? ???? ? ???? Kerberos ??? ?? ? ???? ? ? ????.

???????? ?? ??:

? ??????? ??? ?????? Website2? ???? ? ??? ?? ??? ?? SPN? ?????. ???, IE? ?? ??? Kerberos ?? ??? ?? ??? ???? ????. ? ??? IIS? ??? ? KRB_AP_ERR_MODIFIED ???? ?? ?? ? ????.

??? KB? ??? ?? IE ????? ??? ?? ??? ??? ??? ????. ??? ????? 6?? ????? ??? ??? ???? ?? Wininet.dll? QFE? ??? ?????.

908209 Internet Explorer 6 Kerberos ?? ????? ???? Windows XP ? Windows Server 2003 ??? ?? ??? ???? ? ???? ??? ? ????.

https://support.microsoft.com/kb/908209/ko

IE7? KB ??? ???, ? ??? IE? ?? ?????? ??? ? ????.

??? ????:

? ???? ??? ??? ??? ???? DNS ??? ??? ??? ?? DNS HOST ???? ???? ? ??? ? ??? ??? ?? ?? ????? ????. DNS?? CNAME ???? ? ???? ??? ?? ? ????.

???? 2 : CNAME DNS RR? ?????? ??? ??

? ?? ??:

l Webserver1? ? ??? ???? ? ?? ?? ???? ????.

l Website1? NetworkService? ??? ?? ???? ? ???? ?????.

l Website2? ??? ??? ??? ??? ?? ???? ? ???? ?????.

l Website2? app1.contoso.com? ??? ??? ????? ???? ????.

l DNS?? app1.contoso.com? CNAME ???? ????? webserver1.contoso.com ??? ???? ?????.

l ??? website2? ?? ???? ? ???? ??? SPN???.

m http/app1.contoso.com

m http/app1

? ?????? ??? ? ???? ??? ????. ???? app1.contoso.com? ? ? ????? ??? DNS lookup? ? ???, DNS ??? CNAME ???? ???? webserver1.contoso.com ??? ???? ?????. SPN ??? ??? website2? ? ?? ???? ? ??? ?????? ? ? ????.

??? ?????? ?? ??? ?? CNAME ??? ??? ???, CNAME ?????? ??? ??? ???? ?? Kerberos ?? ??? ???? ????. ??? IE? WebServer1? ??? ????? ????? ??? Kerberos ??? ??? http/webserver1.contoso.com? ?? Kerberos ??? ???? ?????. ??? ???? app1.contoso.com ????? ????? ???? IIS??? IE?? KRB_AP_ERR_MODIFIED? ???? ?????.

?????? ?? ??:

??? KB? ??? ?? IE ????? ??? ?? ??? ??? ??? ????. ??? ????? 6?? ????? ??? ??? ???? ?? Wininet.dll? QFE? ??? ?????.

??? ????? 6:

911149 Windows XP ?? ????? Kerberos ??? ???? ? ???? ???? ? Internet Explorer?? ?? ????: "HTTP ?? 401 - ??? ??: ??? ?? ?? ??? ???? ???????." https://support.microsoft.com/kb/911149/ko

??? ????? 7? ? ??:

938305 Internet Explorer 7? ???? Kerberos ??? ???? ? ???? ???? ? "??? ?? ??? ???? ?? ??? ??" ?? ???? ???? https://support.microsoft.com/kb/938305/ko

??? ????:

??? ????? DNS CNAME RR? ???? HOST RR? ???? ????.

???? 3 : ? ???? ? ????? ????? 30? ??? ????.

? ?? ??:

l Webserver1 ???? ??? ???? ??? ????.

l Website1? ??? ??? ??? ??? ?? ???? ? ???? ?????.

l ??? SPN? website1 ?? ???? ? ??? ???? ????

m http/webserver1.contoso.com

???? ????? ??? ? ??? URL? NETBIOS ??? ???? ?????. ?? ??: https://webserver1 ?? ?????.

? ?????? ??? SPN? FQDN ???? ?????, ??? ???? ??? ????. Kerberos? ?? ??? ?? FQDN? ??? ?? ??? SPN? NETBIOS ?? ??? ????? ????? ?? ?? ????. ??? ???, ???? ? ?? ???? ?? ?? ?? ?????.

??? ?????? ?? ??? ???? DNS suffix? ????? ???? URL? ??? ??? ??? ???? ???? ???? ??? DNS suffix ?? ??? ???? ????. ?? DNS ??? ???? webserver1.contoso.com? ??? ????. ?? IE? ? ??? ??? ??? DNS ??? DNS ???? ?????. ???? ??? ????? ????. IE? ??? 30????. 30? ?? IE? ?? ??? ?????, ???? DNS? ?? ?? ??? ??? ? ????. ?? NetBIOS ?? ???? ?????.(??? WINS ????? ?????, ??? ??? ?? ?????.) ??? ???? ?? ? ??? Kerberos ??? ?? ???.

l KRB_AP_ERR_MODIFIED - ? ??? ???? ? ???? ??? ? ??? ??? ??? ??? ????. ??? http/webserver1 SPN? ?? ??? ??? ??? HOST/webserver1?? ???? ?????.

l KRB_ERR_S_PRINCIPAL_UNKNOWN - ? ??? ? ??? ??? app1.contoso.com ?? ?????. ??? http/app1 SPN? ?? ???? ?? ??? ??? ? ?? ?????.

?????? ?? ??:

???? ??? ?????? ?? ??? ??? ????.

899417 WWW ??(:? ??? ???? ?? HTTP ??? ?? ??)? ??? ? "???? ???????." ?? ???? ????. https://support.microsoft.com/kb/899417/ko

IE7? KB ??? ???, ? ??? IE? ?? ?????? ??? ? ????.

??? ????:

SETSPN.EXE? ????, SNP? NetBIOS ??? ??? ??? ? ????.

? ?? ????? ?????. ?? ??? ??? ?? ??? ????? ????? ?? ???? ??(trace)? ???? ?? ?? ????.

- Rob “I Speak Tampa” Greene