IE6 Fallback to NTLM

Michael B Allen ioplex at gmail.com
Mon Nov 10 19:38:14 EST 2008


On Mon, Nov 10, 2008 at 4:06 PM, Jobo <jobo at jobo.com> wrote:
> IE (6) and Kerberos
>
> At some (actually one) locations in our network (which is spread all
> over the Netherlands) we have the problem that IE6 randomly falls back
> to NTLM, while FF keeps on working flawlessly.
>
> Does anybody have a clue what is happening? Tickets are valid and
> available, and when a new instance of IE is opened, everything works OK
> again.
>
> The facts:
> Server: SLES 10 + Apache + mod_auth_kerb (Kerberos 5 release 1.4.3)
> Client: IE6 on XP
> Tickets are served by Active Directory.

In the past there have been a few bugs in cache handling on XP:

  http://support.microsoft.com/kb/906524
  http://support.microsoft.com/kb/885887

Check your Kerberos DLLs.

But I haven't seen anyone complain about these sorts of things in a
while so I'm not sure if the bugs described in these KBs are really
relevant anymore.

Note that FF can exhibit different behavior depending on how it's
configured. Note that for some strange reason, FF on Linux actually
requests a service ticket with each HTTP request even though it has a
perfectly good one in the cache. So make sure you're testing FF on
Windows if you want a fair comparison.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
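
Added example, not part of the original message or of any project mentioned in it: one way to confirm which clients are intermittently falling back is to classify the token each browser sends in its Authorization header and list the clients that sent both kinds. The function names, the sample addresses and the sample tokens are constructed for illustration; it assumes the header values have already been captured, for example from a proxy or packet trace.

```python
import base64
from collections import defaultdict

NTLMSSP = b"NTLMSSP\x00"                                 # signature of a raw NTLM message
# DER-encoded GSS-API mechanism OIDs
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")     # 1.3.6.1.4.1.311.2.2.10
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2


def classify(header_value):
    """Classify an Authorization header value as 'kerberos', 'ntlm' or 'unknown'."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() == "ntlm":
        return "ntlm"
    if scheme.lower() != "negotiate":
        return "unknown"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "unknown"
    if token.startswith(NTLMSSP):          # raw NTLM inside Negotiate: the fallback case
        return "ntlm"
    if not token.startswith(b"\x60"):      # not a GSS-API initial context token
        return "unknown"
    head = token[:64]                      # the preferred mechanism OID appears first
    hits = [(head.find(oid), name) for oid, name in
            ((OID_KRB5, "kerberos"), (OID_MS_KRB5, "kerberos"), (OID_NTLM, "ntlm"))
            if oid in head]
    return min(hits)[1] if hits else "unknown"


def mixed_clients(requests):
    """Return clients that sent both Kerberos and NTLM tokens (intermittent fallback)."""
    seen = defaultdict(set)
    for client, header in requests:
        seen[client].add(classify(header))
    return sorted(c for c, kinds in seen.items() if {"kerberos", "ntlm"} <= kinds)


def _tlv(tag, body):                       # short-form DER, enough for these samples
    return bytes([tag, len(body)]) + body

def _hdr(token):
    return "Negotiate " + base64.b64encode(token).decode()

# Constructed token prefixes (no real tickets) and documentation-range addresses.
_mechs = _tlv(0xA0, _tlv(0x30, OID_MS_KRB5 + OID_KRB5 + OID_NTLM))
SPNEGO_KRB = _hdr(_tlv(0x60, OID_SPNEGO + _tlv(0xA0, _tlv(0x30, _mechs))))
RAW_NTLM = _hdr(NTLMSSP + b"\x01\x00\x00\x00" + bytes(24))
SAMPLE = [("192.0.2.10", SPNEGO_KRB), ("192.0.2.10", RAW_NTLM), ("192.0.2.11", SPNEGO_KRB)]
```

A quick manual check gives the same answer: a base64 token beginning with "TlRMTVNT" is a raw NTLM message, while a SPNEGO or Kerberos token begins with "YI".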



More information about the Kerberos mailing list