windows browsers send ntlm instead of kerberos tokens
Julien ALLANOS
julien.allanos at aql.fr
Tue Aug 30 03:35:40 EDT 2005
Quoting Markus <markus_moeller at compuserve.com>:
> Julien,
>
> as far as I am aware you can not use cnames. Normally the
> client/server uses a call to gss_import_name which canonicalises the
> hostname from the cname to the A record. If you capture the traffic
> on port 88 on the client you should see a TGS-REQ for
> HTTP/host.my.domain.tld although your URL was http://my.domain.tld.
>
> Regards
> Markus
>
As I've already said before, I see no traffic between the client and
the server
(port 88). The client immediately send a NTLM token.
If I could make Kerberos working, do you think a keytab with
HTTP/host.my.domain.tld at MY.DOMAIN.TLD would be enough?
--
Julien ALLANOS
More information about the Kerberos
mailing list