spnego

[Tuomas]

Michael B Allen wrote:
> On Sun, Aug 17, 2008 at 3:35 AM, yuval <yabadi at checkpoint.com> wrote:
>> Hi All
>>
>> I have web server that required authentication.
>> It does so by returning 401 www-authenticate: negotiate.
>> IE (FF too) sends Kerberos ticket to authenticate.
>>
>> When client (or client machine) is not from domain, IE popup for credential
>> and create NTLMSSP blob.
>>
>> Is any way to continue the negotiation with the IE before it pops up the
>> NTLM credential to user? May be by sending spengo option?
> 
> See "Issue 3" in the Plexcel Operators Manual on the Support page of
> the website in my signature. It outlines all of the reasons for
> browsers not doing Kerberos (obviously if you are not using Plexcel
> you will need to ignore any product specific references but getting
> browsers to do Kerberos is pretty much the same regardless of what you
> are using on the server side).
> 
> Mike
> 
Hi!

I have been struggling with the same problem (with apache & 
mod_auth_kerb). For me it seems that there really isn't a foolproof way 
to completely avoid getting NTLMSSP blobs from clients.

I wonder is there a way to perform the login using NTLMSSP data?

Cheers,
Tuomas