[30289] in Kerberos

home help back first fref pref prev next nref lref last post

Re: spnego

daemon@ATHENA.MIT.EDU (Tuomas)
Thu Sep 11 13:40:47 2008

Message-ID: <48C9479A.3080604@gmail.com>
From: Tuomas <tuomaksen.spammiposti@gmail.com>
MIME-Version: 1.0
In-Reply-To: <mailman.2.1219265821.4454.kerberos@mit.edu>
Date: Thu, 11 Sep 2008 19:30:18 +0300
X-Complaints-To: newsmaster@saunalahti.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Simo Sorce wrote:
> On Wed, 2008-08-20 at 19:32 +0300, Tuomas wrote:
> 
>> I have been struggling with the same problem (with apache & 
>> mod_auth_kerb). For me it seems that there really isn't a foolproof
>> way 
>> to completely avoid getting NTLMSSP blobs from clients.
>>
>> I wonder is there a way to perform the login using NTLMSSP data?
> 
> You can try with mod-auth-ntlm-winbind:
> http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/mod_auth_ntlm_winbind/?root=lorikeet
> 

Thanks for the info, I will try it as soon as I can get another test 
server to use since it's not possible to use both mod_auth_kerb and 
mod_auth_ntlm_winbind on the same server.

I also found out using wireshark what Internet Explorer does when it 
fails to authenticate using Kerberos. It asks a ticket from the Active 
Directory server for HTTP/virtualhost.domain.com instead of 
HTTP/realname.domain.com. For me this seems like a bug in IE7, has 
anyone found solutions for this?

Cheers,
Tuomas
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post