Windows Clients Won't Do Kerberos

Michael B Allen mba2000 at
Thu Jun 29 16:36:39 EDT 2006

I'm testing a Windows -> Apache Kerberos SSO product (see sig) with a
customer and it's not working for them. The client is always asking for
NTLM. It never even tries Kerberos. I know it's not browser settings
because I wrote a simple wsh script and it too only tries NTLMSSP
(whereas on my test network it works fine).

Can anyone think of a reason why XP clients would refuse to try Kerberos
when accessing services (e.g. HTTP)? I've been through all the usual
reasons but we just can't get it to work. Is there some kind of mode
that a Windows domain controller can run in that causes all clients not
to do Kerberos at all? Can anyone recommend a diagnostic?


Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization

More information about the Kerberos mailing list