Tuomas tuomaksen.spammiposti at gmail.com
Thu Sep 11 12:30:18 EDT 2008

Simo Sorce wrote:
> On Wed, 2008-08-20 at 19:32 +0300, Tuomas wrote:
>> I have been struggling with the same problem (with apache & 
>> mod_auth_kerb). For me it seems that there really isn't a foolproof
>> way 
>> to completely avoid getting NTLMSSP blobs from clients.
>> I wonder is there a way to perform the login using NTLMSSP data?
> You can try with mod-auth-ntlm-winbind:
> http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/mod_auth_ntlm_winbind/?root=lorikeet

Thanks for the info, I will try it as soon as I can get another test 
server to use since it's not possible to use both mod_auth_kerb and 
mod_auth_ntlm_winbind on the same server.

I also found out using wireshark what Internet Explorer does when it 
fails to authenticate using Kerberos. It asks a ticket from the Active 
Directory server for HTTP/virtualhost.domain.com instead of 
HTTP/realname.domain.com. For me this seems like a bug in IE7, has 
anyone found solutions for this?


More information about the Kerberos mailing list