kerberos authentication for apache on windows
Frank Balluffi
frank.balluffi at db.com
Mon Jun 6 09:16:25 EDT 2005
Julien ALLANOS said:
> I am now facing to the following problem: browsers don't send NTLM
tokens
> anymore but SPNEGO tokens (I believe). I don't really know what I did to
make
> it work, but heh, it works. That's good.
For both NTLM and SPNEGO tokens, IE should send:
Authorization: Negotiate
followed by a base64-encoded token. To determine the type of token,
capture and base64-decode the token. NTLM tokens begin with hex 4E 54 4C
4D 53 53 50 which corresponds to "NTLMSSP" and SPNEGO tokens begin with
hex 60 ... 06 06 2B 06 01 05 05 02 where ... is between 1 and 3 bytes long
(most commonly 3 bytes). 06 06 2B 06 01 05 05 02 means 1.3.6.1.5.5.2,
which identifies the SPNEGO GSSAPI mechanism.
Frank
More information about the Kerberos
mailing list