[24552] in Kerberos
Re: windows browsers send ntlm instead of kerberos tokens
daemon@ATHENA.MIT.EDU (Markus Moeller)
Tue Aug 30 15:32:40 2005
Message-Id: <200508300808.j7U886Ge018719@pacific-carrier-annex.mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: binary
Mime-Version: 1.0
From: Markus Moeller <huaraz@moeller.plus.com>
To: Julien ALLANOS <julien.allanos@aql.fr>
Date: Tue, 30 Aug 2005 09:07:53 +0100
cc: kerberos@mit.edu
Reply-To: huaraz@moeller.plus.com
Errors-To: kerberos-bounces@mit.edu
Julian,
I think creating a keytab with HTTP/host.my.domain.tld@MY.DOMAIN.TLD should be
enough.
Regards
Markus
Julien ALLANOS wrote:
>
> Quoting Markus <markus_moeller@compuserve.com>:
>
>> Julien,
>>
>> as far as I am aware you can not use cnames. Normally the
>> client/server uses a call to gss_import_name which canonicalises the
>> hostname from the cname to the A record. If you capture the traffic on
>> port 88 on the client you should see a TGS-REQ for
>> HTTP/host.my.domain.tld although your URL was http://my.domain.tld.
>>
>> Regards
>> Markus
>>
>
> As I've already said before, I see no traffic between the client and the
> server
> (port 88). The client immediately send a NTLM token.
>
> If I could make Kerberos working, do you think a keytab with
> HTTP/host.my.domain.tld@MY.DOMAIN.TLD would be enough?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos