On Mar 18, 2008 at 2:15 PM, Todd Stecher wrote: > I'm guessing that your workflow / product / code requires Kerberos
Yes. > and you're trying to figure out how to get SPNEGO wrapped kerberos > tokens all of the time? That would be nice, though as you mention there are many things that get in the way. > Chances are the answer you got about raw NTLM being "OK" was passed > through various layers of Microsoft from Larry Zhu, the author of > the RFC itself, and based on not on "correctness" but rather on > the behavior of millions of deployed clients and servers. I'd be impressed if they actually checked with Larry Zhu. I do suspect that the answer is, as you said, based on how their product has always functioned rather than "correctness". > Even if you could get MS to change the behavior to your interpretation > of the RFC, its not going to help much until every machine out there > is updated. I don't need every machine ... just my customers' machines. Our release notes can indicate what versions / hotfixes are required for proper operation. My approach might be different if I was designing a SSO toolkit to be included in other people's products. -- John ------------------------------------------------------------------------- | Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] | | John Wehle | Fax: 1-215-540-5495 | | ------------------------------------------------------------------------- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
