Michael Ströder michael at
Fri Jul 18 07:13:28 EDT 2008

Michael B Allen wrote:
> On Thu, Jul 17, 2008 at 6:46 PM, Russ Allbery <rra at> wrote:
>>> And that is the scenario where direct SPNEGO / NTLMSSP solutions are
>>> going to perform better.
>> If by "better" you mean "pretty much the same," yes, modulo the
>> configuration note that I mentioned.
> No, I definitely meant "better".
> With direct SPNEGO we 401 the initial HTTP request, accept one GSSAPI
> token and get a TGT.

Is the TGT sent by the browser in the SPNEGO blob? Up to now I thought 
it's just a service ticket.

Ciao, Michael.

More information about the Kerberos mailing list