Channel: Security forum

Kerberos-based SSO (with PKI used for initial authentication) in Windows Server 2012

I am working on enabling Kerberos-based SSO (with PKI used for initial authentication) in my test lab.

The domain controller is Windows Server 2012 R2, the accessed resources are a few web applications hosted on IIS on a Server 2008 R2 machine, and the resource client is another Windows Server 2008 R2 machine, on which the user accesses the web applications via a browser.

Currently I have enabled user-authentication-based Kerberos in IIS (where the web applications are hosted); the user has to enter a user name and password to get in, and it is working fine (I can see all the Kerberos transactions in Network Monitor).

However, my actual requirement is to achieve the same using X.509 (identity) certificates installed on iOS devices: when a user with an identity certificate installed on the device accesses these sites from within the device, they should be let in without being prompted for a user name and password.

I have been trying to configure this in my environment but with no success. Most searches on the web end up at integrating MIT Kerberos (based on Linux) with MS AD with PKINIT, but I am looking for a way to achieve the same thing in a Windows environment.

Recently I came across the link below,

http://msdn.microsoft.com/en-in/library/cc238455.aspx

which clearly says this PKI-based initial authentication is available with MS-PKCA (Microsoft's implementation of PKINIT).

Then again, it's a developer document and it gives only technical details.

How do I implement MS-PKCA-based Kerberos in my Windows environment?

Is my scenario practically achievable in a complete Windows environment?

Any help is much appreciated.

Thanks in advance.

Girish


