[30226] in Kerberos
Re: spnego
daemon@ATHENA.MIT.EDU (Tuomas)
Wed Aug 20 15:42:10 2008
From: Tuomas <tuomaksen.spammiposti@gmail.com>
MIME-Version: 1.0
In-Reply-To: <mailman.70.1218985757.3905.kerberos@mit.edu>
Message-ID: <qGXqk.53083$_03.38954@reader1.news.saunalahti.fi>
Date: Wed, 20 Aug 2008 19:32:22 +0300
X-Complaints-To: newsmaster@saunalahti.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Michael B Allen wrote:
> On Sun, Aug 17, 2008 at 3:35 AM, yuval <yabadi@checkpoint.com> wrote:
>> Hi All
>>
>> I have web server that required authentication.
>> It does so by returning 401 www-authenticate: negotiate.
>> IE (FF too) sends Kerberos ticket to authenticate.
>>
>> When client (or client machine) is not from domain, IE popup for credential
>> and create NTLMSSP blob.
>>
>> Is any way to continue the negotiation with the IE before it pops up the
>> NTLM credential to user? May be by sending spengo option?
>
> See "Issue 3" in the Plexcel Operators Manual on the Support page of
> the website in my signature. It outlines all of the reasons for
> browsers not doing Kerberos (obviously if you are not using Plexcel
> you will need to ignore any product specific references but getting
> browsers to do Kerberos is pretty much the same regardless of what you
> are using on the server side).
>
> Mike
>
Hi!
I have been struggling with the same problem (with apache &
mod_auth_kerb). For me it seems that there really isn't a foolproof way
to completely avoid getting NTLMSSP blobs from clients.
I wonder is there a way to perform the login using NTLMSSP data?
Cheers,
Tuomas
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
