Thanks for the reply. I was using Microsoft AD as KDC, with IE 5.x clients logged on Win2k SP2 machines. I'll also try out Mozilla's SPNEGO implementation.
-Sanjay "Wyllys Ingersoll" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Check out http://negotiateauth.mozdev.org > This guy has an extension for mozilla for supporting > Microsoft's Negotiate mechanism. However, his version > currently only supports Heimdal's Kerberos/GSSAPI. > This site also has links to Apache plugins which support > the IIS negotiate method. > > Also take a look at > http://bugzilla.mozilla.org/show_bug.cgi?id=17578 > > I posted a more generalized patch for Mozilla which *should* > be able to compile with Heimdal, MIT, or Solaris Kerberos > implementations. It likely will not appear in Mozilla > until release 1.7, though. In the meantime, extensions for > Mozilla 1.5 (and 1.6) should start appearing sometime > in the near future. > > You don't mention what browser you are using or > what OS platform you are using. > > -Wyllys > > > > > On Mon, 2003-11-24 at 15:10, Sanjay wrote: > > Hi, > > > > Is there a simple howto on getting a Win2K client, logged on to Active > > Directory (AD) domain, get a file from IIS server (running on AD server) > > with Kerberos authentication ..? > > > > -- IIS server is running on the Active Directory server (win2k domain > > server). > > Win2k Server, SP2 > > IIS 5.0 > > -- Win2K client is having SP2 & IE 5.5 SP2. > > > > With network tracing, I see IIS sends back WWW-Authenticate headers of > > Negotiate first, and then NTLM, but for some reason, Win2k client picks up > > the NTLM related handshake, not Negotiate. > > > > During Windows logon on this client, I made sure that I use a sample user > > login from the above AD domain, and also made sure that Kerberos was > > exchanged between the client and AD KDC server. > > > > Now, how do I get the Kerberos handshake going over HTTP against IIS that is > > running on the same AD server ? > > > > Anyone got this going against any other HTTP server (Apache?) > > > > tia, > > Sanjay > > > > > > ________________________________________________ > > Kerberos mailing list [EMAIL PROTECTED] > > https://mailman.mit.edu/mailman/listinfo/kerberos > -- > Wyllys Ingersoll <[EMAIL PROTECTED]> > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
