There is no PSE involved here - PSE is a proprietory file format used on NetWeaver servers, and not applicable to this discussion. Instead, we are talking about a .net application that has Kerberos credentials delegated from a workstation and these delegated credentials will be stored by IIS in the Windows LSA cache. So, the GSS library being used on the .net server needs to know the Kerberos principal name of the user before it performs the init_context, or it needs to be told the principal name using the SNC_MYNAME param. So, it entirely depends on how the GSS library has been coded and whether it is able to know the principal name, or if it needs to be told.
↧
