Tags: c#, .net, security, kerberos, ntlm

Accessing resources on remote machine by IP fails with Kerberos (NTLM is blocked)


Since Vista and Windows Server 2008, Kerberos doesn't do a reverse lookup for IPs when you try to reach resources on a remote machine by IP (for example, reaching a shared folder \\x.x.x.x\MySharedFolder); instead it falls back to NTLM, which is blocked in my environment, so I fail to reach the resource. My code includes many usages of IPs to reach resources on remote machines, and I'm wondering if there is an OS-independent configuration that will make Kerberos work with IPs, since it sounds like there must already be a solution for such a thing, instead of changing all the C# code to use hostnames rather than IPs.

I found an article on MSDN, but it's only relevant for Windows 10 or Windows Server 2016 (and no one can tell me whether the target machine will have one of those OSs): https://learn.microsoft.com/en-us/windows-server/security/kerberos/configuring-kerberos-over-ip

To me, it really makes sense that there is already a solution for such an old issue. Do you know about anything like that? Thanks!


Solution

  • The Kerberos stack in Windows never did a reverse lookup and has always blocked IP-based SPNs. The registry change mentioned in the link is only intended as a way to get users off NTLM in the short term and not as a long term solution to using IPs.

    The only alternative you have is to manually call into the SSPI stack with the SPN you determined through other means and then manually add the ticket to your requests.

    However, it's 2020. Use DNS.
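The approach the answer describes (determine the SPN yourself, ask SSPI for a Kerberos ticket for that SPN, attach the ticket to the request), as an added example that is not code from the question or the answer. It assumes .NET 7 or later on a domain-joined Windows client, the System.Net.Security.NegotiateAuthentication API, and a hypothetical HTTP service at 10.0.0.5 behind Windows Negotiate authentication whose host has a PTR record and a registered HTTP/<fqdn> SPN; the IP, path and names are made up. HTTP is used because an SMB path like \\x.x.x.x\share offers no hook for supplying an SPN from managed code.

```csharp
// Added example, not from the original page. Assumes .NET 7+, Windows, a domain-joined
// client, and a Negotiate-protected HTTP endpoint at 10.0.0.5 (hypothetical address).
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Security;
using System.Net.Sockets;
using System.Threading.Tasks;

static class KerberosByIp
{
    // Kerberos will not reverse-resolve an IP for you, so do it here (or read the name
    // from your own inventory) and build the SPN the service actually registered.
    public static string SpnForIp(string ip, string serviceClass = "HTTP")
    {
        string fqdn;
        try
        {
            fqdn = Dns.GetHostEntry(ip).HostName;   // needs a PTR record for the IP
        }
        catch (SocketException e)
        {
            // Refuse loudly rather than letting anything fall back to NTLM.
            throw new InvalidOperationException($"No reverse DNS for {ip}; cannot build an SPN", e);
        }
        if (fqdn == ip)
            throw new InvalidOperationException($"Reverse lookup of {ip} returned no name");
        return $"{serviceClass}/{fqdn}";
    }

    // Ask SSPI for a ticket for an explicit SPN. Package = "Kerberos" (not "Negotiate")
    // means SSPI cannot pick NTLM; if Kerberos fails, the call fails.
    public static byte[] KerberosToken(string spn)
    {
        using var ctx = new NegotiateAuthentication(new NegotiateAuthenticationClientOptions
        {
            Package = "Kerberos",
            TargetName = spn,
            RequireMutualAuthentication = true,
        });
        byte[]? token = ctx.GetOutgoingBlob(Array.Empty<byte>(), out NegotiateAuthenticationStatusCode status);
        if (token is null ||
            (status != NegotiateAuthenticationStatusCode.Completed &&
             status != NegotiateAuthenticationStatusCode.ContinueNeeded))
        {
            throw new InvalidOperationException($"SSPI could not get a Kerberos ticket for {spn}: {status}");
        }
        return token;
    }

    // One fresh token per request: a Kerberos authenticator is single-use, so the
    // token from a previous request must not be reused.
    public static async Task<HttpResponseMessage> GetByIpAsync(string ip, string path)
    {
        string spn = SpnForIp(ip);
        byte[] apReq = KerberosToken(spn);
        using var client = new HttpClient();
        var req = new HttpRequestMessage(HttpMethod.Get, $"http://{ip}{path}");
        // Assumption: the Windows Negotiate SSP on the server accepts a raw Kerberos
        // token carried in the Negotiate scheme, which is how IIS/HTTP.sys behave.
        req.Headers.Authorization =
            new AuthenticationHeaderValue("Negotiate", Convert.ToBase64String(apReq));
        return await client.SendAsync(req);
    }

    static async Task Main()
    {
        HttpResponseMessage resp = await GetByIpAsync("10.0.0.5", "/api/health");
        Console.WriteLine($"{resp.StatusCode} via {SpnForIp("10.0.0.5")}");
    }
}
```

The only part that does not already happen inside Windows is SpnForIp: the rest is the same SSPI exchange the OS would run if the request carried a hostname, which is why the answer's "use DNS" is the cheaper fix. Note that the PTR record this example relies on is not authenticated; the mutual-authentication flag only proves the service that answered holds the key for the SPN you asked for, so a wrong or spoofed reverse record surfaces as an authentication failure, not as silent success.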