I was asked to set up a SharePoint site (running IIS7 in 2008 R2) on a server in domain B so that people in domain A could log in using MD5 / Digest authentication via HTTP. There is trust, so B trusts A, and this works for Kerberos authentication. We set up reversible encryption for passwords and verified that users of domain B can log in using Digest, but we cannot get it so that users of domain A (and not in the same domain as the SharePoint server) can log in using MD5 / Digest over HTTP. We also checked with Wireshark that the browser seems to behave (this is the version of IE that ships with the 2008 R2 server - I think IE7, but I don't have it).
Could you either tell me how to set it up correctly, or provide a link to Microsoft or another fairly authoritative document that says that this is impossible?
(by the way, we are using SharePoint Foundation (free version))
I am editing in later information in case other people have run into this, and because I would like to add to this rather than duplicate it.
1) I set up SharePoint on two servers, and then changed the domain of one of them, leaving the application pool users in the source domain. After some bias (add DNS suffixes from the source domain, play with AAM), I found that I can authenticate with digest on both servers, authenticating users in the same domain as the server - I'm not sure if this is the recommended configuration but I thought it was an interesting experiment. Thus, it looks like a Windows function, not a SharePoint function.
2) Assuming I changed the search conditions and found in http://technet.microsoft.com/en-us/library/cc778868%28v=ws.10%29.aspx "The web server must be a member of the same forests as user accounts." I think that my setup corresponds to different forests, so it is very similar to the function "this design behavior".