Ensure kerberos is used for Kinetic application

joerojas · September 22, 2025, 6:57pm

Hi, All.

We are currently on Kinetic 2022.2 and working to upgrade to 2025.1 (.2 if it comes out in time).

Our IT team requested to see if we can configure Kinetic to ensure it uses kerberos instead of NTLM. The feedback is that the majority of the remaining NTLM traffic is related to Kinetic.

I’ve done a bit of research, and the one step I took was to remove the NTLM provider from the Kinetic IIS application. After recycling the app pool, I am still able to access Kinetic. However, when I look at the HTTP Response Headers, Authorization is Bearer. Some websites were suggesting that it would either be NTLM or kerberos.

In short, my question is, how do I configure IIS to ensure it is using kerberos and not NTLM.

josecgomez · September 22, 2025, 7:50pm

I haven’t used windows auth directly with kinetic we use Azure IDP but I believe that the Kinetic Interface always uses Bearer. Regardless of Auth mechanism it uses that authentication (Basic, IDP, NTLM etc) to genrate a token and then every subsequent call uses that bearer token.

Take a look at the initia login / exchange

joerojas · September 26, 2025, 3:13pm

Thank you, Jose.
The very first reference to the Authorization header, during the initial login, was still Bearer.
I am waiting for the IT to see if the traffic is still NTLM.