ons 2006-12-20 klockan 07:47 -0500 skrev Brian J. Murrell: > Hrm. Firefox seems to disagree, at least in it's implementation. Squid > sends "Negotiate" as the authentication mechanism and Firefox responds > with Kerberos.
The Negotiate HTTP scheme is defined by Internet RFC4559 "SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows", which specifies Kerberos within GSS-API as applied by SPNEGO.. Quote: The "Negotiate" auth-scheme calls for the use of SPNEGO GSSAPI tokens that the specific mechanism type specifies. Relevant RFCs: RFC4559 SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows (Negotiate) RFC4178 The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism (SPNEGO) RFC2743 Generic Security Service Application Program Interface Version 2, Update 1. (GSS-API) Now I am not an expert on how this translates to wire format so I leave it to you to read and consider if what your Firefox does is sufficient to meet the specifications or not.. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
