SSO
Michael Ströder
michael at stroeder.com
Fri Jul 18 07:13:28 EDT 2008
Michael B Allen wrote:
> On Thu, Jul 17, 2008 at 6:46 PM, Russ Allbery <rra at stanford.edu> wrote:
>>> And that is the scenario where direct SPNEGO / NTLMSSP solutions are
>>> going to perform better.
>> If by "better" you mean "pretty much the same," yes, modulo the
>> configuration note that I mentioned.
>
> No, I definitely meant "better".
>
> With direct SPNEGO we 401 the initial HTTP request, accept one GSSAPI
> token and get a TGT.
Is the TGT sent by the browser in the SPNEGO blob? Up to now I thought
it's just a service ticket.
Ciao, Michael.
More information about the Kerberos
mailing list