[30126] in Kerberos
Re: SSO
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Fri Jul 18 11:24:12 2008
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Date: Fri, 18 Jul 2008 13:13:28 +0200
Message-ID: <ofa6l5-70c.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.179.1216345176.2966.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Michael B Allen wrote:
> On Thu, Jul 17, 2008 at 6:46 PM, Russ Allbery <rra@stanford.edu> wrote:
>>> And that is the scenario where direct SPNEGO / NTLMSSP solutions are
>>> going to perform better.
>> If by "better" you mean "pretty much the same," yes, modulo the
>> configuration note that I mentioned.
>
> No, I definitely meant "better".
>
> With direct SPNEGO we 401 the initial HTTP request, accept one GSSAPI
> token and get a TGT.
Is the TGT sent by the browser in the SPNEGO blob? Up to now I thought
it's just a service ticket.
Ciao, Michael.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
