Mod_auth_kerb and Windows XP SP2 issues
Michael B Allen
mba2000 at ioplex.com
Thu Apr 19 17:26:46 EDT 2007
On Thu, 19 Apr 2007 10:51:46 -0700 (PDT)
SriramG <sgopalan at etrade.com> wrote:
>
> I posted an issue with Kerberos authentication with XP when it renews the
> ticket.
>
> We tested it against IIS.
> When the TGT expires and after renewal IE switches to NTLM (ethereal) even
> on IIS.
> But IIS accepts both Kerb and IIS authentication. So its not transparent.
>
> Is this possible to do it in Apache too ?
I don't know but failing over to NTLM is clumsey and for some applications
totally inadequate since NTLM does not support delegation. If I were you
I would ask MS to give you an explaination. Either there's something
wrong with your network or it's a bug in IE. Either way, I'd want to
fix it rather than add some feature that just masks the problem.
Mike
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list