Hi Wyllys We have a customer using apache 2.x with mod_auth_kerb as the web server, and Java 6 as the client. In Java's HTTP implementation, when we see a "WWW-Authenticate: Negotiate" header from the server, we would create a SPNEGO NegTokenInit and send it back in a WWW-Authorization header.
Now, it looks like that the customer's web server does not accept SPNEGO NegTokenInit, but only Kerberos AP-REQ. Is this true for the mod_auth_kerb module? I want to know if there's a way to configure the module to accept the SPNEGO token. Or, if it really only accepts Kerberos tokens, can it send "WWW-Authenticate: Kerberos" instead of "WWW-Authenticate: Negotiate"? The customer is using RedHat Linux, but I guess it should not make much difference. Thanks Max
