spnego
Tuomas
tuomaksen.spammiposti at gmail.com
Wed Aug 20 12:32:22 EDT 2008
Michael B Allen wrote:
> On Sun, Aug 17, 2008 at 3:35 AM, yuval <yabadi at checkpoint.com> wrote:
>> Hi All
>>
>> I have web server that required authentication.
>> It does so by returning 401 www-authenticate: negotiate.
>> IE (FF too) sends Kerberos ticket to authenticate.
>>
>> When client (or client machine) is not from domain, IE popup for credential
>> and create NTLMSSP blob.
>>
>> Is any way to continue the negotiation with the IE before it pops up the
>> NTLM credential to user? May be by sending spengo option?
>
> See "Issue 3" in the Plexcel Operators Manual on the Support page of
> the website in my signature. It outlines all of the reasons for
> browsers not doing Kerberos (obviously if you are not using Plexcel
> you will need to ignore any product specific references but getting
> browsers to do Kerberos is pretty much the same regardless of what you
> are using on the server side).
>
> Mike
>
Hi!
I have been struggling with the same problem (with apache &
mod_auth_kerb). For me it seems that there really isn't a foolproof way
to completely avoid getting NTLMSSP blobs from clients.
I wonder is there a way to perform the login using NTLMSSP data?
Cheers,
Tuomas
More information about the Kerberos
mailing list