Michael B Allen ioplex at gmail.com
Sun Aug 17 11:08:08 EDT 2008

On Sun, Aug 17, 2008 at 3:35 AM, yuval <yabadi at checkpoint.com> wrote:
> Hi All
> I have web server that required authentication.
> It does so by returning 401 www-authenticate: negotiate.
> IE (FF too) sends Kerberos ticket to authenticate.
> When client (or client machine) is not from domain, IE popup for credential
> and create NTLMSSP blob.
> Is any way to continue the negotiation with the IE before it pops up the
> NTLM credential to user? May be by sending spengo option?

See "Issue 3" in the Plexcel Operators Manual on the Support page of
the website in my signature. It outlines all of the reasons for
browsers not doing Kerberos (obviously if you are not using Plexcel
you will need to ignore any product specific references but getting
browsers to do Kerberos is pretty much the same regardless of what you
are using on the server side).


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the Kerberos mailing list