[30289] in Kerberos
Re: spnego
daemon@ATHENA.MIT.EDU (Tuomas)
Thu Sep 11 13:40:47 2008
Message-ID: <48C9479A.3080604@gmail.com>
From: Tuomas <tuomaksen.spammiposti@gmail.com>
MIME-Version: 1.0
In-Reply-To: <mailman.2.1219265821.4454.kerberos@mit.edu>
Date: Thu, 11 Sep 2008 19:30:18 +0300
X-Complaints-To: newsmaster@saunalahti.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Simo Sorce wrote:
> On Wed, 2008-08-20 at 19:32 +0300, Tuomas wrote:
>
>> I have been struggling with the same problem (with apache &
>> mod_auth_kerb). For me it seems that there really isn't a foolproof
>> way
>> to completely avoid getting NTLMSSP blobs from clients.
>>
>> I wonder is there a way to perform the login using NTLMSSP data?
>
> You can try with mod-auth-ntlm-winbind:
> http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/mod_auth_ntlm_winbind/?root=lorikeet
>
Thanks for the info, I will try it as soon as I can get another test
server to use since it's not possible to use both mod_auth_kerb and
mod_auth_ntlm_winbind on the same server.
I also found out using wireshark what Internet Explorer does when it
fails to authenticate using Kerberos. It asks a ticket from the Active
Directory server for HTTP/virtualhost.domain.com instead of
HTTP/realname.domain.com. For me this seems like a bug in IE7, has
anyone found solutions for this?
Cheers,
Tuomas
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos