Mod_auth_kerb and Windows XP SP2 issues

Michael B Allen mba2000 at ioplex.com
Thu Apr 19 17:26:46 EDT 2007


On Thu, 19 Apr 2007 10:51:46 -0700 (PDT)
SriramG <sgopalan at etrade.com> wrote:

> 
> I posted an issue with Kerberos authentication with XP when it renews the
> ticket.
> 
> We tested it against IIS.
> When the TGT expires and after renewal IE switches to NTLM (ethereal) even
> on IIS.
> But IIS accepts both Kerb and IIS authentication. So its not transparent. 
> 
> Is this possible to do it in Apache too ?

I don't know but failing over to NTLM is clumsey and for some applications
totally inadequate since NTLM does not support delegation. If I were you
I would ask MS to give you an explaination. Either there's something
wrong with your network or it's a bug in IE. Either way, I'd want to
fix it rather than add some feature that just masks the problem.

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/



More information about the Kerberos mailing list