Is that true when IIS issues "WWW-Authenticate: Negotiate" it actually means NTLM? Supposedly after win 2000 Kerberos replaced NTLM to became the default authentication mechanism in win but I'm not sure how they integrate kerberos into HTTP traffic. And if kerberos authentication is doable, how a 3rd party http proxy to support this in terms of proxy authorization (407 return code)?
Kent -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 5:34 AM To: Sam Hartman Cc: Kerberos Mailing Subject: Re: GSSAPI x Kerberos Sam Hartman wrote: > Implement using GSSAPI unless there is something that you need that > cannot be provided by GSSAPI. Thanks :-) I was going to do that but I asked here to be sure... The SPNEGO draft on IETF (draft-brezak-spnego-http-04) explains how Microsoft implemented the GSS over HTTP to IIS and IE, in the docs it says to use "WWW- Authenticate: Negotiate", but the patch to Mozilla looks a little different, it uses "GSS-Negotiate"... Since I'm going to do both server and client modification to support Kerberos in this application I could use anything, what you think that would be better the MS draft or the one the works on Mozilla/Apache? There's any other kind of GSS authentication over HTTP? Thanks in advance, Silvio Fonseca Linux Consultant ------------------------------------------------- Relato Consultoria de Inform�tica Rua Mto. Jo�o Gomes de Ara�jo, 106 cj. 42 Alto de Santana - S�o Paulo - SP Telefones: (11) 6978-5253 / (11) 6978-5262 Fax: (11) 6971-3115 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
