GSSAPI x Kerberos
Kent_Wu@trendmicro.com
Kent_Wu at trendmicro.com
Fri Jul 11 18:21:18 EDT 2003
Is it true that when IIS issues "WWW-Authenticate: Negotiate" it actually means NTLM? Supposedly after Win 2000 Kerberos replaced NTLM to become the default authentication mechanism in Windows, but I'm not sure how they integrate Kerberos into HTTP traffic. And if Kerberos authentication is doable, how does a 3rd party HTTP proxy support this in terms of proxy authorization (407 return code)?
Kent
-----Original Message-----
From: silvio at gdora.com.br [mailto:silvio at gdora.com.br]
Sent: Wednesday, July 09, 2003 5:34 AM
To: Sam Hartman
Cc: Kerberos Mailing
Subject: Re: GSSAPI x Kerberos
Sam Hartman wrote:
> Implement using GSSAPI unless there is something that you need that
> cannot be provided by GSSAPI.
Thanks :-) I was going to do that but I asked here to be sure...
The SPNEGO draft on IETF (draft-brezak-spnego-http-04) explains how Microsoft
implemented GSS over HTTP for IIS and IE. The docs say to use
"WWW-Authenticate: Negotiate", but the patch to Mozilla looks a little
different: it uses "GSS-Negotiate"... Since I'm going to do both server and
client modifications to support Kerberos in this application, I could use
anything. Which do you think would be better, the MS draft or the one that
works on Mozilla/Apache?
Is there any other kind of GSS authentication over HTTP?
Thanks in advance,
Silvio Fonseca
Linux Consultant
-------------------------------------------------
Relato Consultoria de Informática
Rua Mto. João Gomes de Araújo, 106 cj. 42
Alto de Santana - São Paulo - SP
Telefones: (11) 6978-5253 / (11) 6978-5262
Fax: (11) 6971-3115
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos