Authenticating using SSPI, KERBEROS, SPN, & 127.0.0.1

Question

I have my client/server application working & authenticating the client via KERBEROS on a Windows system using SSPI. I had to register an SPN to make this work and everything works if I use a the FQDN, but, it takes about 4 seconds. The connection is almost immediate if I connect using 127.0.0.1, but the authentication fails.

I registered the following SPN: Myapp/127.0.0.1:44555

I think I understand why this doesn't work cause it'd be referring to every system rather than specifically to one. What I don't understand is how to get all the speed advantages of using 127.0.0.1 while also being able to perform the KERBEROS authentication.

Thanks ahead of time, assistance is GREATLY appreciated.

score 0 · Accepted Answer · answered Jul 25 '15 at 23:31

0

Though I do not completely understand what is happening. The solution seems to be to connect and perform all networking with the 127.0.0.1 address, and just for specifying the spn resolve the fqdn and use it with InitializeSecurityContext.

answered Jul 25 '15 at 23:31

karezza

536
5
11

Authenticating using SSPI, KERBEROS, SPN, & 127.0.0.1

1 Answers1